Google researchers have detected phishing attacks originating inside Iran that target tens of thousands of Gmail users from that country, a company official said in a blog post published Wednesday. The attacks appear to come from the same group that pulled off a much more sophisticated attack in 2011 involving a forged secure sockets layer certificate for the Google domain name.

“The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday,” wrote Eric Grosse, Google's VP of Security Engineering.

He said the attacks were aimed at Iran-based account holders who were sent an e-mail, purporting to be from Google, asking the user to add an alternative e-mail address to their accounts. When users clicked on a URL provided in the e-mail, they were taken to a fake Google sign-in page that collected the victim’s username and password.

While Grosse called these phishing attempts “routine,” he also noted that researchers believe the attackers are the same as those responsible for an attack two years ago in which the attackers forged some SSL certificates for *.google.com that enabled them to impersonate Gmail and other Google Web pages. The bogus credential was stolen after attackers breached the network of Dutch certificate authority DigiNotar. Google ended up blocking all certificates from DigiNotar, and then confirmed a week later that Iranian accounts were the object of the attack. An investigation later showed that about 300,000 people, many located in Iran, were exposed to the fraudulent certificate as they accessed Gmail servers.

The phishing attacks disclosed Wednesday didn't seem to be quite as serious, but Google is urging its customers in Iran to enable 2-step verification, to make sure that they only sign in to their Google accounts over HTTPS, and to keep their browsers up-to-date. Google also said it is directly notifying its affected users with a message at the top of their Gmail inbox.