Latest Phishing Campaign Targeting Users of Spotify
Security experts have discovered a new phishing campaign targeting Spotify users. In this campaign, attackers send phishing emails that appear to come from the digital music streaming service itself.
Researchers from the cybersecurity firm AppRiver discovered the campaign, which specifically targets Spotify users. The attackers lure targeted users into clicking a malicious link (a button) in a genuine-looking email that claims to have been sent by Spotify itself. Once clicked, the malicious page asks the victim to enter their login credentials, which are then transmitted to the attackers.
The researchers explained the discovery in a blog post. According to their report, the attacker needs the user to click a green button labelled "CONFIRM ACCOUNT". Above that button, text urges the user to confirm the account by saying "You're almost there. Confirm your account below to remove any restrictions on your Spotify account".
Clicking the "CONFIRM ACCOUNT" button opens a new window with a login page. This malicious login site closely resembles the legitimate Spotify login site, so as to confuse the user. When the victim enters their login credentials, the Spotify account details are lost to the attacker. According to the researchers, the login credentials might also give the attackers access to the victims' banking and other online accounts, as many people unfortunately use similar usernames and passwords on multiple websites. Moreover, the cybercriminals behind this phishing campaign could sell the stolen credentials on the dark web.
AppRiver cybersecurity analyst, David Pickett, told Threatpost that "knowing just one password for a victim opens the door to a multitude of attack vectors".
To stay protected from this kind of attack, users should always scrutinize incoming emails, particularly those that ask for login or other critical information. The AppRiver researchers also suggested checking the sender's email address before trusting any email.
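As an added illustration of that advice (not code from AppRiver or from the original article), the Python check below parses a message, compares the sender's domain with the brand it claims to be, and lists where its links actually lead. The `TRUSTED` domain list is an assumption, and the sample message with its `example.net` hosts is constructed.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "spotify"
TRUSTED = ("spotify.com",)  # assumption: domains the brand really sends from

# Constructed sample modelled on the lure described in the article.
SAMPLE = """\
From: Spotify <no-reply@accounts.example.net>
To: user@example.org
Subject: Confirm your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>You're almost there. Confirm your account below.</p>
<a href="https://login.example.net/confirm">CONFIRM ACCOUNT</a>
"""

class LinkCollector(HTMLParser):
    """Collects the host name of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def under_trusted(host):
    # Exact match or a true subdomain; "spotify.com.example.net" must not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def review(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in name.lower() and not under_trusted(domain):
        findings.append(f"sender domain {domain} is not a {BRAND} domain")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        findings += [f"link points to {h}" for h in sorted(set(collector.hosts))
                     if not under_trusted(h)]
    return findings
```

The From header can be forged, so an empty result only means these two checks found nothing; it does not prove the message is genuine.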
» SPAMfighter News - 05-12-2018