- Researchers spotted a new phishing campaign targeting Spotify customers.
- The campaign aims to steal users' account credentials by redirecting them to a fake Spotify website.
- The campaign was discovered by security researchers at AppRiver.
Security researchers have discovered a new email phishing campaign targeting Spotify customers.
The campaign, discovered by security researchers at AppRiver, aims to steal the account credentials of Spotify customers.
“Recently, AppRiver detected a phishing campaign that was targeting Spotify customers by email with the purpose of hijacking the owner’s account. The attacker attempted to dupe users into clicking on a phishing link that would redirect them to a deceptive website.”
In the email, users are asked to confirm their account by clicking a link in the message, in order to remove any restriction on the account and to verify it.
Once the user clicks the ‘Confirm Account’ button, they are redirected to a fake website that is identical to the original Spotify website.
On the website, users are asked to enter their username and password to confirm their account. Once the user enters the credentials, attackers use them to compromise the Spotify account and any other accounts that share the same credentials.
Researchers discovered that the From address domain used in the phishing email was not from Spotify.
Users can identify the fake website simply by checking the URL of the site they were redirected to in order to confirm their account.
Users are advised to always check the From address and the URLs in every email they receive. If anything looks suspicious, do not open or click any link in the email.