
Very trivial Spotify phishing campaign uncovered by experts


Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify. Even so, it is important to share information about it.

Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify.

The phishing campaign was discovered earlier in November; attackers used convincing emails to trick Spotify users into providing their account credentials.

The messages include a link to phishing websites that prompt users to enter their username and password. Attackers use these credentials to compromise the Spotify accounts and any accounts on other services that share the same credentials.

“Recently, AppRiver detected a phishing campaign that was targeting Spotify customers by email with the purpose of hijacking the owner’s account,” reads the analysis published by AppRiver.

“The attacker attempted to dupe users into clicking on a phishing link that would redirect them to a deceptive website. Once at the site, users were prompted to enter their user name and password (surprise!), giving the attacker the ability to hijack the account.”


Attackers set up a login page that looks identical to the actual Spotify login page, but with a URL that isn’t the legitimate one.

Experts also pointed out that the “From” address domain is not the official Spotify one.

The attackers trick victims into clicking on a green button with the words “CONFIRM ACCOUNT.” The messages pose as urgent communications about account restrictions that could be removed by an action on the user's part.

Clicking on the button, users are redirected to a phishing page.
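The two indicators described above, a sender domain and a link host that are not Spotify's, can be checked mechanically on inbound mail. The Python check below is an added example, not taken from AppRiver's analysis or the original post; the allowlist holding only spotify.com, the function names, and the sample message with .example domains are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain treated as legitimate for the impersonated brand.
OFFICIAL_DOMAINS = {"spotify.com"}

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """\
From: Spotify <no-reply@account-notice.example>
Subject: Your account has been restricted
Content-Type: text/html; charset=utf-8

<html><body><p>Confirm your account to remove the restriction.</p>
<a href="http://login.spotify-confirm.example/signin">CONFIRM ACCOUNT</a>
<a href="https://www.spotify.com/legal/">Terms</a></body></html>
"""

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

class HrefCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def check_message(raw):
    """Return (indicator, value) findings for mail that claims to be Spotify."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if "spotify" not in (display + " " + msg.get("Subject", "")).lower():
        return []  # does not claim the brand; out of scope for this check
    from_domain = addr.rpartition("@")[2].lower()
    findings = [] if is_official(from_domain) else [("from-domain", from_domain)]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = HrefCollector()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href in parser.hrefs:
                host = urlsplit(href).hostname
                if not is_official(host):
                    findings.append(("link-host", host))
    return findings
```

Matching on the exact domain or a dot-separated suffix is what keeps lookalikes such as `spotify-confirm.example` from passing as the official domain.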

Frankly speaking, this specific campaign is not complex and could easily be spotted by most users.

The post published by the experts has just one goal: to share information about a campaign that could deceive non-tech-savvy users. For this reason, I decided to speak about the Spotify campaign too.


Pierluigi Paganini

(Security Affairs – Spotify phishing campaign, cybercrime)
