Very trivial Spotify phishing campaign uncovered by experts

From securityaffairs.co

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it.

Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify.

The phishing campaign was discovered earlier November, attackers used convincing emails to trick Spotify users into providing their account credentials.

The messages include a link that points to phishing websites that prompt users into entering their username and password. Attackers use them to compromise the Spotify accounts and any other account on other services that share the same credentials.

“Recently, AppRiver detected a phishing campaign that was targeting Spotify customers by email with the purpose of hijacking the owner’s account.” reads the analysis published AppRiver.

“The attacker attempted to dupe users into clicking on a phishing link that would redirect them to a deceptive website. Once at the site, users were prompted to enter their user name and password (surprise!), giving the attacker the ability to hijack the account.”

Read more…