AppRiver researchers have discovered a phishing campaign targeting mainstream streaming service software Spotify. In early November, the researchers discovered the phishing campaign, in which the attackers used an inducing email to trick Spotify users into providing account credentials.
These messages contain a link to the phishing website that will entice the user to enter a username and password. An attacker can use this information to compromise any account in the Spotify account or other services that use the same credentials.
AppRiver said in an analysis, “the attacker attempted to dupe users into clicking on a phishing link that would redirect them to a deceptive website. Once at the site, users were prompted to enter their user name and password (surprise!), giving the attacker the ability to hijack the account.”