We don’t recall seeing Spotify used as a phish before - we’ve seen MANY other brands 🤣
This phish email came by so we thought we would share it. Here’s the email:
Nice and simple, one big button to click, except if you hover over the button to see where it will take you the url ends in .ru (Russia). That should be enough for you to stop right there. Nothing in the url indicates Spotify and .ru domains should (in the most) be regarded with deep suspicion
Phish Red flags 🚩
1 🚩Social engineering red flag - fear. Not quite perfect though, it should probably be “reminder” not “remind” 🤦♂️
2 🚩Nothing there about Spotify, although sometimes brands DO send out emails from weird email addresses
3 🚩Call to action. Always HOVER over these types of button to show where you are going to be taken if you click
For your delectation and delight, we did however follow the link - we do this in a safe manner, we don’t recommend you “try this at home” 🤣🤣
The link takes us to this page and something else to click on!
This time (and the link actually failed), we strongly suspect it would have taken you to a lookalike Spotify web page where (if entered) your credit card information would be harvested
Stay safe out there!
Comments