Connect with us

Technology

Spotify scam warning on emails fraudulently telling users their payments have failed

Published

on

/ 6375 Views

Customers of streaming giant Spotify are being warned to be aware of a phishing scam designed to swindle personal details and money out of unsuspecting users.

Email spam protection service MailGuard discovered the sneaky tactic last week when it started blocking the scam emails bearing the subject line: “Spotify: We’re unable to bill you.”

WATCH THE VIDEO ABOVE: Queensland man wanted for bizarre ‘humming’ box cash copying scam.

Watch the latest News on Channel 7 or stream for free on 7plus >>

“The sender name reads ‘Last Reminder’, but it’s actually sent from what appears to be a compromised support account belonging to a South African business,” it warned in a blog post.

The email includes the Spotify logo in its header to seem more authentic and tells the recipient they need to update their payment details as the service is “unable to bill”.

Email spam protection service MailGuard discovered the phishing email last week with the subject line:  “Spotify: We’re unable to bill you.” Credit: MailGuard

It warns recipients, “you will lose access to your account if there is no payment method associated with your account” and offers a link to update their information.

MailGuard warns this is a common tactic among cybercriminals to create a sense of fear and urgency.

“By threatening to revoke access, the attacker aims to manipulate the recipient into taking immediate action without thinking critically about the tell-tale signs of a scam hidden in the email and phishing page,” it said.

Clicking the “update information” button takes the recipient to a fake Spotify page where they are asked to update their payment details and provide their name, address, card number, expiration date and CVV.

The victim is then taken to another page that asks them to enter a one-time security code sent to their number.

“These verification pages are commonly used when purchasing items online, so it may not raise suspicion in the victim,” MailGuard said.

“However, in phishing attacks, it’s often an indication that the scammer is attempting to charge the victim’s card to confirm its validity.”

‘Do not click’

Spotify says it will never ask for personal information over email or ask users to download anything from emails.

It does, however, send emails about account activity such as new logins or new family members using the service to keep the account safe.

“An email is suspicious if the sender email doesn’t end in “@spotify.com”, or if you’re simply not sure about it,” it says.

The streaming service’s advice is: do not respond to, click any links or download anything in the email.

For those who already did, reset your password, change your password on any other sites using the same one and contact your bank if you think your financial details have been compromised.

Report suspicious emails by forwarding them to [email protected].

Trending