The Spotify Phishing Attack That Tricks Users Through Fake Failed Payment Notices

Heads up Spotify users! A new phishing attack is in the wild that lures Spotify users into revealing their banking details. Fortunately, identifying the legitimacy of the email isn’t too difficult for a savvy user.

The Australian email security firm MailGuard recently warned users of a new Spotify phishing campaign in the wild. This phishing attack aims at Spotify users in an attempt to steal their payment card data.

As elaborated in the blog post, the attackers behind this campaign have made every effort to design legit-looking emails. From the subject line to the contents of the email and the phishing web pages in which they have attempted to impersonate the original Spotify layout.

The attack begins from the fake email reaching the users’ inbox with the subject “Your payment didn’t go through”. Opening the email then shows a message to the user regarding a failed payment for their Spotify account.

Source: MailGuard

Once a user clicks on ‘Get Premium’, he or she lands on the first phishing web page. Here, the user has to sign-in to the Spotify account. Entering the credentials here allows the attacker access to the victims account login details.

Source: MailGuard

Clicking on the ‘Log In’ button then takes the victim to the next page asking payment card data.

Source: MailGuard

Then, upon clicking on the ‘Continue’ button, the victim lands on the last web page of this phishing attack which asks the victim to enter their billing address.

Source: MailGuard

Clicking on the ‘Finish’ button lands the victim to a non-existent page showing 404 not found error, thereby ending the attack. As always, the victim ends up losing important details to the hacker.

You Might Also Like