Blog

Recently, AppRiver detected a phishing campaign that was targeting Spotify customers by email with the purpose of hijacking the owner’s account. The attacker attempted to dupe users into clicking on a phishing link that would redirect them to a deceptive website. Once at the site, users were prompted to enter their user name and password (surprise!), giving the attacker the ability to hijack the account.

Below is an example of the phishing email.

The first clue this is a phishing attempt is in the From Address of the email.

The From Address domain is not from Spotify. This is one of several indications of a phishing campaign. However, keep in mind that hackers are tricky and can spoof From Addresses to an actual Spotify domain. It’s always best to remain skeptical and continue to check the email for other signs it is a phishing attempt.

The main indication of a phishing campaign is the payload.

In this instance, the attacker wants the unsuspecting user to click on a green button with the words “CONFIRM ACCOUNT.” Just above the button, the hacker attempts to lure them in further by urging the user to confirm their account to remove restrictions on the account.

The link button should never be clicked without first previewing the URL. To do so, hover your mouse over the clickable button to see the destination link.

In this case, you notice the link is not taking you to an official Spotify page.

This URL will redirect you to a deceptive website (below). The attacker has setup a well-disguised login page that looks identical to the actual Spotify login page. However, they can’t hide the actual URL in the web address browser.

MORAL OF THE STORY

Make it a best practice to always check the URLs in every email message you receive. When in doubt, don’t click or open the email. If you are an AppRiver customer, forward the email to spam@appriver.com and our 24/7 trained cyber security specialists will review the email for your safety.

There is never a shortage of spam, malware, phishing or nefarious websites. Malicious actors work around the clock, and so do we at AppRiver – staying one step ahead of the attackers.