Spotify, a famous and top music streaming service of the world is now running into new trouble that may cause trouble with its customers later. Its fame is now used by a few bunches of hackers to spoil its customers. Hackers are said to be impersonating Spotify’s brand value by creating an identical site as of Spotify’s Premium Account Payment. Here’s how it goes;
The Operation Flow
Their method is simple. They just try getting noticed by users with emails and lure them into entering their sensitive data to capture it. Firstly, they send a fake email (that’s highly resembling as actual Spotify’s) to the user, where it says as; Your payment didn’t go through. So You will now start hearing ads and you can no longer listen to your favorite songs offline. And all these catching words are followed by a Get Premium button to let you follow onto the next phishing page. Upon clicking on getting Premium, users would be asked to login onto their Spotify account. It’s showing up a phishing site that’s not real. Further, after logging in, the user would be asked to Update Their Payment Method. Here, users would be asked to enter details of sensitive card data like a number, CVV code, etc along with the Billing Info on a later page. At last, this asking ends with an Error 404 page. The hackers have done a good homework of imitating Spotify’s brand image, its color and almost everything that seems as real from the company. A normie who’s unaware of detecting general phishing emails would fall victim to them. A phishing email or site, that’s claims to be original shall have spelling mistakes, grammatical errors, upper/lower casing of letters and other errors. A close look into credentials would make it easy for anyone to detect that it isn’t from the company. While we disclose our email addresses here and there, this data falling into bad hands is subject to risk. Hackers as in this case, try segregating general users’ email data with the ones who’re having Spotify accounts, to start to target them with such phishing emails. Source: MailGuard