Spotify is a popular and well trusted company with an immensely large customer database, so their branding makes a good lure for cybercriminals looking to deceive people. These include several spacing and formatting errors in the body of the email. false urgency a subject line such as ‘Your payment didn’t go through’ creates a sense of panic and anxiety.ĭespite these techniques to fool users into thinking the email is authentic, eagle-eyed recipients will spot red flags that point to its illegitimacy.inclusion of ‘Terms & Conditions’ and ‘Privacy Policy’ links that are typically expected of a well-established company in the phishing pages and,.use of a major brand name to inspire false trust the usage of the supposed ‘Spotify’ display name boosts the email's credibility,.In addition, the email contains several other techniques that are designed to trick recipients: Cybercriminals have taken great pains to incorporate the exact colour scheme, logo, fonts and popular images commonly found in Spotify pages in a bid to convince the user that the email is actually originating from the digital music service. This time, it asks users to update their billing address, as per the below:Ĭlicking ‘finish’ finally redirects users to a Spotify page containing a ‘404 error’.Īs you can see from the screenshots above, all of the phishing pages are legitimate-looking copies of pages purporting to be from Spotify. Having inserted their credit card details, users are then led to a third page using the same branding & logos. These include their credit card & CCV numbers. Upon ‘logging in’, users are then taken to a similar-looking page asking them for to update their payment information. Unsuspecting recipients who click on the link to ‘Get Premium’ are led to a fake Spotify-branded phishing page that asks for their login details: To fix this problem, a button is provided with the words ‘Get Premium’. As a consequence, ‘you will now start hearing ads and you can no longer listen to your favourite songs offline’. It informs recipients that because their payment wasn’t accepted, their subscription has been paused. The body of the email contains the Spotify logo. The malicious emails arrive in inboxes using the display name ‘Spotify’ and are titled ‘Your payment didn’t go through’.
MailGuard intercepted an email phishing scam purporting to be from Spotify today morning (AEST), the 5 th of December. Receiving an urgent email from one of the world’s leading brands may cause you to sit up and take notice, but sometimes it also calls for a critical need to be more vigilant before taking action.
0 kommentar(er)
