Spotify scam warning on emails fraudulently telling users their payments have failed
Customers of streaming giant Spotify are being warned to be aware of a phishing scam designed to swindle personal details and money out of unsuspecting users.
Email spam protection service MailGuard discovered the sneaky tactic last week when it started blocking the scam emails bearing the subject line: “Spotify: We’re unable to bill you.”
“The sender name reads ‘Last Reminder’, but it’s actually sent from what appears to be a compromised support account belonging to a South African business,” it warned in a blog post.
The email includes the Spotify logo in its header to seem more authentic and tells the recipient they need to update their payment details as the service is “unable to bill”.
It warns recipients, “you will lose access to your account if there is no payment method associated with your account” and offers a link to update their information.
MailGuard warns this is a common tactic among cybercriminals to create a sense of fear and urgency.
“By threatening to revoke access, the attacker aims to manipulate the recipient into taking immediate action without thinking critically about the tell-tale signs of a scam hidden in the email and phishing page,” it said.
Clicking the “update information” button takes the recipient to a fake Spotify page where they are asked to update their payment details and provide their name, address, card number, expiration date and CVV.
The victim is then taken to another page that asks them to enter a one-time security code sent to their number.
“These verification pages are commonly used when purchasing items online, so it may not raise suspicion in the victim,” MailGuard said.
“However, in phishing attacks, it’s often an indication that the scammer is attempting to charge the victim’s card to confirm its validity.”
‘Do not click’
Spotify says it will never ask for personal information over email or ask users to download anything from emails.
It does, however, send emails about account activity such as new logins or new family members using the service to keep the account safe.
“An email is suspicious if the sender email doesn’t end in “@spotify.com”, or if you’re simply not sure about it,” it says.
The streaming service’s advice is: do not respond to the email, click any links in it or download anything from it.
For those who already did, reset your password, change your password on any other sites using the same one and contact your bank if you think your financial details have been compromised.
Report suspicious emails by forwarding them to [email protected].
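The sender rule quoted above can be checked mechanically. The sketch below is an added example, not code from Spotify or MailGuard. It compares the parsed sender domain with "spotify.com" instead of doing a loose text match, so lookalike domains and forged display names are also caught. The sample messages and their addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "spotify.com"  # rule quoted above: sender must end in "@spotify.com"
BRAND = "spotify"

# Constructed sample messages (addresses are placeholders, not real senders).
SAMPLES = {
    "lure": "From: Last Reminder <support@business.example>\n"
            "Subject: Spotify: We're unable to bill you.\n\nUpdate your payment details.\n",
    "lookalike": "From: Spotify <billing@spotify.com.mail.example>\n"
                 "Subject: Payment failed\n\nUpdate your payment details.\n",
    "display_forgery": 'From: "no-reply@spotify.com" <support@business.example>\n'
                       "Subject: Account notice\n\nUpdate your payment details.\n",
    "genuine_form": "From: Spotify <no-reply@spotify.com>\n"
                    "Subject: New login to your account\n\nWe noticed a new login.\n",
}

def check_sender(raw_message: str) -> list[str]:
    """Return the reasons the From header fails the rule (empty list = passes)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    # Compare the whole domain after the last "@". A substring or suffix test on
    # the raw header would accept "spotify.com.mail.example" or a display name
    # that merely contains a trusted-looking address.
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    reasons = []
    if "@" not in addr:
        reasons.append("no parseable sender address")
    elif domain != TRUSTED_DOMAIN:
        reasons.append(f"sender domain is {domain!r}, not {TRUSTED_DOMAIN!r}")
        if BRAND in display.lower() or BRAND in subject.lower():
            reasons.append("message names the brand but comes from another domain")
    return reasons

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", check_sender(raw) or "passes sender rule")
```

A pass only means the From header matches the rule. Whether that header is authentic depends on the SPF, DKIM and DMARC results evaluated by the receiving mail server, which this sketch does not inspect.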