If you listen to a music-streaming service it might be this one, and this just might catch you out!

We don’t recall seeing Spotify used as a phish before - we’ve seen MANY other brands 🤣

This phish email came by so we thought we would share it. Here’s the email:

[Image: the phishing email]

Nice and simple, one big button to click, except if you hover over the button to see where it will take you, the URL ends in .ru (Russia). That should be enough for you to stop right there. Nothing in the URL indicates Spotify, and .ru domains should (for the most part) be regarded with deep suspicion.

Phish Red flags 🚩

1 🚩Social engineering red flag - fear. Not quite perfect though, it should probably be “reminder” not “remind” 🤦‍♂️

2 🚩Nothing there about Spotify, although sometimes brands DO send out emails from weird email addresses

3 🚩Call to action. Always HOVER over these types of button to show where you are going to be taken if you click

For your delectation and delight, we did, however, follow the link. We do this in a safe manner; we don’t recommend you “try this at home” 🤣🤣

The link takes us to this page and something else to click on!

[Image: the page the link leads to]

This time the link actually failed, but we strongly suspect it would have taken you to a lookalike Spotify web page where your credit card information (if entered) would be harvested.

Stay safe out there!


