Spotify Phishing Scam Exposed: User Accounts Breached

Dec 2, 2018


Researchers at AppRiver have identified a Spotify phishing scam that tries to get users to disclose their Spotify credentials. The emails use branding that makes them appear to have been sent by the music streaming service. The messages are realistic, although there are indications that they are not genuine.

The email template used in the Spotify phishing scam claims the user needs to verify their account details to remove restrictions and make sure they can continue to use their account. The messages contain the Spotify logo and contact information in the footer. The emails contain a link that account holders are asked to click to be taken to the Spotify website, where they are invited to enter their account credentials.

The Spotify phishing scam does not use a spoofed sender email address, which makes this scam quite easy to identify. Spotify is mentioned in the email address, but the domain makes it clear that the email has not come from a domain used by Spotify. That said, several email recipients might fail to check the sender name, click the link, and be directed to the phishing web page.

The phishing web page used to collect account credentials also has Spotify branding and appears almost identical to the genuine Spotify login page. The only indication that the website is not genuine is the URL.
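The two tells described above (a sender address that mentions Spotify but uses another domain, and a login link whose URL is not Spotify's) can be checked automatically. The following is an added example, not code from AppRiver or Spotify; the trusted-domain list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "spotify"
TRUSTED_DOMAINS = {"spotify.com"}  # assumption: domains the brand really uses

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # Tell 1: the brand appears in the display name or address,
    # but the sending domain is not one the brand uses.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if BRAND in (display + addr).lower() and not is_trusted(domain):
        findings.append(f"sender mentions {BRAND} but domain is {domain}")
    # Tell 2: a link in the body points at a host that is not the brand's.
    body = "".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart())
    for url in re.findall(r'href=["\'](https?://[^"\']+)', body, re.I):
        host = urlparse(url).hostname or ""
        if not is_trusted(host):
            findings.append(f"link host is not trusted: {host}")
    return findings

# Constructed sample messages; the .example domains are placeholders.
PHISH = ('From: "Spotify" <spotify-support@mail-notice.example>\n'
         'Subject: Verify your account\n'
         'Content-Type: text/html\n\n'
         '<a href="http://spotify.com.login.example/verify">Confirm</a>\n')
LEGIT = ('From: Spotify <no-reply@spotify.com>\n'
         'Subject: Your receipt\n'
         'Content-Type: text/html\n\n'
         '<a href="https://www.spotify.com/account">Account</a>\n')

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, check_message(raw))
```

The suffix match requires a leading dot, so a host that merely starts with the brand's domain, as in the constructed phishing sample, is still reported.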

The information gathered through this phishing scam could let the attacker gain control of a user’s account. The password to the site will be obtained, which might be used to gain access to other accounts held by the victim if the password has been reused on other websites. Passwords can also disclose other information about a person, such as their date of birth, and can provide hints as to how their passwords are formed. That can make brute force attacks on other websites much easier and faster to execute.