Some cyber criminals are currently sending out phishing mails to some bloggers. The goal of the online identity theft is to harvest the usernames and passwords of blogs hosted on Blogger. If you are not careful, your blog might be hijacked and you might have to pay some ransom before they can restore it for you.
A friend of mine suffered from phishing attack yesterday. Her blog was hijacked which gave the criminals access to her Google account. They changed her Google account recovery phone number and email address. Hence, she couldn't access GMail nor her blog.
The criminals, mailed her that her blog will be suspended within 24 hours, claiming to have found some Malware and Trojan virus on her blog. The links in the mail pointed to a phishing site that mimicked the Blogger homepage.
I guess she was scared of losing her big blog. Hence, she went ahead in a hurry to log in on the fake page. The criminals harvested her info and used it to hijack her blog.
Below is a screenshot of the phishing mail:
Look closely, did you notice the GMail address? That alone should tell you it is a phishing mail. More so, Blogger will never mail you with a GMail address. I am still wondering why the criminals used a GMail there because professional criminals will be smarter than this.
Imagine, the criminals even used goo.gl to shorten theirs links. lol. Blogger will never do this.
Clicking the links lead to this fake Blogger page.
Look closely at the URL in the address bar. When did Google change Blogger address to liberty0.5gbfree.com?
Even if you type in www.blogger.com into your browser, it changes to a long secured URL and not this shit.
Well, her blog has been restored. It was easy for her to restore the blog because there was a recovery phone number in her account before it was hijacked.
If your Google account get compromised and the criminals change your recovery phone number, Google will still give you the option of verifying your ownership via the deleted phone number. The hijackers don't have control over this verification system. That's where she defeated them.
According to Google, having a mobile phone number on your account is one of the easiest and most reliable ways to help keep your account safe and ensure that you can get back into your account if your account is hijacked or you forget your password.
Your mobile phone is a more secure identification method than your recovery email address or a security question because, unlike the other two, you have physical possession of your mobile phone.
Cyber criminals target Blogger accounts without phones because they're easier targets. Add a phone number now and join hundreds of millions of other Google users who have helped stop the criminals in their tracks.
Before this week runs out, I will try and share with you how to get back your blog once compromised and tips on keeping your account secured. Subscribe to my blog if you don't want to miss the tips.
Stay safe and happy blogging!