Akankasha Dewan, 05 December 2019 14:26:08 AEDT

Phishing email impersonating Spotify claims ‘your payment didn’t go through’

Receiving an urgent email from one of the world’s leading brands may cause you to sit up and take notice, but sometimes it also calls for a critical need to be more vigilant before taking action.

MailGuard intercepted a phishing email purporting to be from Spotify this morning (AEST), the 5th of December.

The malicious emails arrive in inboxes using the display name ‘Spotify’ and are titled ‘Your payment didn’t go through’. The body of the email contains the Spotify logo. It informs recipients that because their payment wasn’t accepted, their subscription has been paused. As a consequence, ‘you will now start hearing ads and you can no longer listen to your favourite songs offline’. To fix this problem, a button is provided with the words ‘Get Premium’.  

Here is a screenshot of the email:

[Screenshot: the Spotify-branded scam email]

Unsuspecting recipients who click on the link to ‘Get Premium’ are led to a fake Spotify-branded phishing page that asks for their login details:

[Screenshot: fake ‘Login - Spotify’ page]

Upon ‘logging in’, users are then taken to a similar-looking page asking them to update their payment information, including their credit card and CCV numbers.

[Screenshot: fake ‘Spotify - Payment Information’ page]

Having entered their credit card details, users are then led to a third page using the same branding and logos. This time, it asks users to update their billing address, as shown below:

[Screenshot: fake ‘Spotify - Update Billing Address’ page]

Clicking ‘finish’ finally redirects users to a Spotify page containing a ‘404 error’.

As the screenshots above show, all of the phishing pages are convincing copies of genuine Spotify pages. The cybercriminals have taken great pains to reproduce the exact colour scheme, logo, fonts and images commonly found on Spotify pages, in a bid to convince the user that the email genuinely originates from the digital music service.

In addition, the email contains several other techniques that are designed to trick recipients:

  • use of a major brand name to inspire false trust; the supposed ‘Spotify’ display name boosts the email's credibility,
  • inclusion of ‘Terms & Conditions’ and ‘Privacy Policy’ links on the phishing pages, as would typically be expected of a well-established company, and
  • false urgency; a subject line such as ‘Your payment didn’t go through’ creates a sense of panic and anxiety.

Despite these attempts to make the email look authentic, eagle-eyed recipients will spot red flags that point to its illegitimacy, including several spacing and formatting errors in the body of the email.

Spotify is a popular and well-trusted company with an immensely large customer base, so its branding makes a good lure for cybercriminals looking to deceive people.

The company advises members to remember that it will never ask for your personal information over email. This includes: 

  • Payment information (credit card number, debit card number, etc.)
  • Account password
  • Social Security number or tax identification number

If you see an email from Spotify, please exercise caution and make sure it is a legitimate communication before you open it. If you are unsure whether such an email is legitimate, simply contact the company directly.

Please share this alert with your social media network to help us make more people aware of the threat.

To protect your business against scams like this fake Spotify-branded phishing email:

  • Beware of emails that contain grammatical or branding errors, but purport to be from reputable organisations.
  • Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe.
  • To ensure safety, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.
  • Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.
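The red flags this alert walks through (a ‘Spotify’ display name on a sender address outside the brand’s domain, the urgent subject line, and a ‘Get Premium’ button whose link leads somewhere other than the brand’s site, which is what the hover-over-links tip above catches by hand) can also be checked mechanically on the raw message. The following is an added example and not MailGuard’s code; the brand domain list, the urgency phrases and the sample email are constructed for illustration.

```python
# Added example, not MailGuard's code: flags the red flags this alert describes in a raw
# email (brand display name on an off-brand sender domain, urgency subject, off-brand links).
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: domains a brand legitimately sends from and links to.
BRAND_DOMAINS = {"spotify": {"spotify.com"}}
# Assumed: subject phrases that manufacture urgency.
URGENCY_PHRASES = ("payment didn't go through", "subscription has been paused")
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

def belongs_to(host, domains):
    # True when host is one of the brand's domains or a subdomain of one.
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def analyse(raw_email):
    # Returns human-readable findings; an empty list means nothing was flagged.
    msg = message_from_string(raw_email, policy=policy.default)
    display, addr = parseaddr(msg["From"] or "")
    domains = BRAND_DOMAINS.get(display.strip().lower(), set())
    findings = []
    sender_domain = addr.rpartition("@")[2].lower()
    if domains and not belongs_to(sender_domain, domains):
        findings.append(f"display name '{display}' but sender domain '{sender_domain}'")
    subject = (msg["Subject"] or "").lower().replace("\u2019", "'")
    if any(p in subject for p in URGENCY_PHRASES):
        findings.append(f"urgency subject: '{msg['Subject']}'")
    body = msg.get_body(preferencelist=("html",))
    if domains and body is not None:
        for href in HREF_RE.findall(body.get_content()):
            if not belongs_to(urlparse(href).hostname, domains):
                findings.append(f"link '{href}' points outside {sorted(domains)}")
    return findings

# Constructed sample modelled on the email described in this alert.
SAMPLE = """\
From: Spotify <billing@example-mailer.test>
Subject: Your payment didn't go through
Content-Type: text/html; charset="utf-8"

<p>Your subscription has been paused.</p>
<a href="https://premium-renewal.example.test/login">Get Premium</a>
<a href="https://www.spotify.com/legal/">Terms &amp; Conditions</a>
"""
```

Running `analyse(SAMPLE)` returns three findings: the display-name/sender-domain mismatch, the urgency subject, and the off-brand ‘Get Premium’ link, while the genuine-looking ‘Terms & Conditions’ link to spotify.com is left alone.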

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 
