Beware: Scammers mimic Spotify to steal your data

Scammers are impersonating Spotify. Users of this popular app might receive a fake email, which, if carelessly opened, could lead to serious consequences.

Cybercriminals are trying to deceive their victims by impersonating popular companies. One phishing campaign currently targets Spotify. Scammers are sending out fake emails that encourage clicking a link to "update your payment method."

This email is convincing because the sender's address looks identical to the real domain of the music service. Only upon close examination can one notice that it is completely different. It's not surprising that users easily fall into the trap, as the content of the email is much better crafted than most spam.

The link leads to a page impersonating Spotify. The first step to "verify your payment method" is to log into the service. The welcome page looks very convincing, with the only giveaway being the incorrect URL.

If someone enters their login details, they are immediately redirected to a tab dedicated to paying for a subscription. "Updating" the payment method requires providing information such as a first name, credit card details, and a residential address. In the case of this scam, one may encounter two serious issues.

The first is sharing your login information on a fake site, which allows cybercriminals to access your Spotify account. After changing the password, regaining control over your account may be difficult.

The second issue is providing credit card details. Scammers could use this information to activate a paid subscription on your account or to authorize transactions. You might notice regular statements from your account without even being aware of it.

If you’ve received such a message, first and foremost, remain calm. You are not in danger if you don’t click on the link and provide your details. Just report the message as spam, and you can forget about it.

However, if you did provide your login and credit card details, it’s crucial to log into your Spotify account and change the login information. Make sure the new password is strong and unique. You can also secure your access by activating two-step verification. Then, contact your bank and block your credit card.