Beware of “Sad to See You Go” Spotify Phishing Campaign

Last updated September 24, 2021
Written by:
Bill Toulas
Infosec Writer
Image Courtesy of Vox

A large number of Spotify users report receiving emails that supposedly come from the popular music streaming platform. The messages are titled “We’re sad to see you go,” implying that the user’s subscription has somehow ended. The stated reason is the platform’s inability to receive the user’s payment, which allegedly resulted in the subscription being paused. As the message further explains, users will now start hearing ads and lose offline listening unless they click the alluring “Get Premium” button embedded in the message.

If clicked, the button takes the victim to a phishing page crafted to look like the legitimate Spotify login page. The actors hope that victims will enter their credentials, and that the sense of urgency created by the inexplicable suspension of their Premium accounts will push them in that direction. Spotify has recently reached 130 million subscribers, as the COVID-19 outbreak has enlarged its user base quite abruptly. This means these messages may reach people who haven’t been using the service for long and who aren’t familiar with its communication patterns or general direction.

[Image: spotify_phishing. Source: conversation.which.co.uk]

That said, the signs of fraud are still pretty evident in this campaign. The sender’s email address is “[email protected],” and those who are vigilant will find it hard to see any connection with Spotify Support. Sure, the logo is present, and there’s even an office address to add legitimacy. However, even the body text shows that something is wrong: “Terms of Use” is stuck to “Contact Us,” and neither is clickable, although they should be.
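The same signs can be checked mechanically by a mail filter. The following is an added example, not code from the article or from Spotify: it flags a brand name in the display name paired with an unrelated sender domain, links that leave the brand's domain, and footer labels that are not links. The sample message, `BRAND_DOMAIN` and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND, BRAND_DOMAIN = "spotify", "spotify.com"  # assumption: genuine mail and links use this domain
FOOTER_LABELS = ("Terms of Use", "Contact Us")  # footer items the article found unlinked

# Constructed sample message: the address and URL are placeholders, not campaign data.
SAMPLE = """From: Spotify <billing@mailer.example>
Subject: We're sad to see you go
Content-Type: text/html; charset="utf-8"

<html><body><p>Payment failed.</p><a href="https://accounts.login.example/premium">Get Premium</a>
<p>Terms of UseContact Us</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects link targets plus the text seen inside (True) and outside (False) links."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text, self.in_a = [], {True: "", False: ""}, False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:  # an <a> without href is not clickable
            self.in_a = True
            self.hrefs.append(href)
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"
    def handle_data(self, data):
        self.text[self.in_a] += data

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signals(raw):
    msg = message_from_string(raw)  # assumes a single-part HTML message
    name, addr = parseaddr(msg.get("From", ""))
    page = LinkCollector()
    page.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    signals = []
    if BRAND in name.lower() and not in_domain(addr.rpartition("@")[2], BRAND_DOMAIN):
        signals.append("sender_domain_mismatch")
    hosts = [u.hostname for u in map(urlparse, page.hrefs) if u.scheme in ("http", "https")]
    signals += [f"offsite_link:{h}" for h in hosts if not in_domain(h, BRAND_DOMAIN)]
    signals += [f"unlinked_footer:{label}" for label in FOOTER_LABELS
                if label in page.text[False] and label not in page.text[True]]
    return signals
```

Matching on a dot-delimited suffix rather than a substring keeps a host such as `spotify.com.login.example` from passing as the brand's domain.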

When you receive unsolicited messages that don’t make sense, treat them as spam or phishing attempts. In this case, keeping your composure quickly reveals the true nature of the message, and the only way to step into the trap is to lose your cool. When you’re informed that something went wrong with your subscription payment, or that you need to take account action of any kind, visit the website from another tab, log in to your account, and check for any alerts right on the platform. Do not ever click on embedded buttons, and do not respond to these emails directly. If you already did that, go to Spotify and reset your credentials immediately, as the actors may not have had the chance to reset them yet.


