How to avoid this convincing Spotify phishing email

Users of the music streaming service Spotify should be aware of a convincing phishing scam spreading between inboxes that claims the service could not take payment and has paused the recipient’s subscription.

SCAM
Type of Scam: Phishing Email
Attack Type: Link to Phishing Website
Social Engineering Technique: Account has been locked/restricted.

Phishing scams have become increasingly convincing over the years, and that is partly because phishing scammers have come up with effective tricks of making their scam emails appear authentic.

One such method is to simply copy legitimate emails sent by various companies and use them in their phishing email campaigns.

This prevents the resulting phishing emails from containing the poor grammar, spelling and formatting that are the red flags which so often help would-be victims determine that an email is indeed a scam.

Take for instance one email that came into our inbox this week.

At first glance, it appears to be an email from Spotify warning us about a paused subscription. The email appears authentic and reads like an email we could expect from such a service. With the exception of the images our email client blocked and the To: address at the top, the email itself appears entirely genuine.

But it isn’t. It’s a phishing scam that links to a spoofed login page. See the image below (and note the web address, which certainly isn’t Spotify!). Of course, any of our regular readers will know that the username and password combination requested by the webpage will be sent straight to scammers.

Thankfully, by the time we opened the fake link, Google Chrome had already labelled the domain as dangerous. Of course, for newer scams this warning won’t appear, and we have to rely on our own wits.

Red flags such as poor spelling and grammar are still great ways for spotting scam emails, but this goes to show that you shouldn’t rely on them alone.

Instead, if you’re using a laptop/PC, hover over the link to see a preview of the destination URL and check whether it’s legitimate. If you can’t, simply go directly to the relevant website from your browser and log in; from there you’ll be able to see if there is any action needed on your account.
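As an added example (not from the original article), here is a small Python check that does programmatically what the hover advice above does by hand: it extracts every link in an HTML email, compares the destination domain with the domain the visible link text shows, and flags links that go somewhere other than the brand's own domain. The sample email body and the `example-phish.test` domain are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTML body imitating the "subscription paused" message.
# The first link shows a Spotify URL as its text but points at a placeholder domain.
SAMPLE_EMAIL_HTML = """
<p>We could not take payment and your Premium subscription has been paused.</p>
<p><a href="http://spotify.example-phish.test/login">https://www.spotify.com/account</a></p>
<p><a href="https://www.spotify.com/help">Help</a></p>
"""

EXPECTED_BRAND_DOMAINS = {"spotify.com"}  # domains a genuine Spotify email should link to
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/|$)", re.I)

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    # Naive: keep the last two labels. Fine for spotify.com; production code
    # should use a public-suffix list so that e.g. co.uk domains are handled.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def check_links(html, expected=EXPECTED_BRAND_DOMAINS):
    """Return one finding per link; 'suspicious' is True when any reason applies."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest = registrable_domain(urlparse(href).hostname or "")
        reasons = []
        if dest not in expected:
            reasons.append("destination %s is not an expected brand domain" % dest)
        if URL_LIKE.match(text):  # link text that itself looks like a URL
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if registrable_domain(shown) != dest:
                reasons.append("visible URL %s differs from real destination" % shown)
        findings.append({"href": href, "text": text, "suspicious": bool(reasons), "reasons": reasons})
    return findings
```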
