Spotify Phishing Attack Is Stealing Credit Card Details

A new sophisticated phishing campaign is aimed at getting Spotify users to reveal their credit card information.

Australian security firm MailGuard spotted the email scam beginning on December 5th.

According to MailGuard:

“The malicious emails arrive in inboxes using the display name ‘Spotify’ and are titled ‘Your payment didn’t go through’. The body of the email contains the Spotify logo. It informs recipients that because their payment wasn’t accepted, their subscription has been paused. As a consequence, ‘you will now start hearing ads and you can no longer listen to your favourite songs offline’. To fix this problem, a button is provided with the words ‘Get Premium’.  

Latest Hacking News offers these tips to spot the scam:

Observing these differences can allow a savvy user to identify the deception. At first, the sender’s email address isn’t a legit one. A quick look at the complete sender’s address would reveal the fake web link. Similarly, there are numerous formatting errors in the email body that help to indicate the falsehood of the message.