Monday, November 25, 2024
HomeComputer SecurityBeware!! Cyber Criminals Launching Serious Phishing Attack that Target Spotify Customers

Beware!! Cyber Criminals Launching Serious Phishing Attack that Target Spotify Customers

Published on

Malicious hackers launching a new phishing campaign that targets Spotify customers to hijacking the user’s account and steal the credentials.

Spotify customers targeted via emails along with malicious links that redirect into a deceptive website which leads users to give away their credentials.

Once users enter their credentials, username and password will be sent to the attacker’s repository of compromised data.

- Advertisement - SIEM as a Service

When analyzing the Sender address, it reveals that the Email ID was not originated from Spotify and users spoof the email address and pretending like legitimate is pretty common for nowadays.

Main Phishing Attack Indication

Researcher digs into deep and analyzing the email body and the link that embedded with the mailbox which is obviously not taking into a Spotify page.

According to approver,” the attacker wants the unsuspecting user to click on a green button with the words “CONFIRM ACCOUNT.” Just above the button, the hacker attempts to lure them in further by urging the user to confirm their account to remove restrictions on the account.”

Once click the URL, it redirects victims to a malicious website where users can access the well-designed login page that looks like same as original Spotify login page.

We can see that the URL doesn’t seem to be original Spotify login and also Google marked it as a malicious link

How to stay safe

1. Have a unique Email address.
2. Do not open any attachments without proper validation.
3. Don’t open emails voluntary emails.
4. Use Spam filters & Antispam gateways.
5. Never respond to any spam emails.

Anatomy of Phishing Scam

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

ReelPhish – A Real-Time Advanced Two-Factor Authentication Phishing Tool

Real-Time Intelligence Feed to Catch Malicious Phishing Domains SSL Certificate

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...