Fake Spotify email is a phishing scam to get your Apple ID credentials




A new phishing scam is targeting people by using a fake Spotify email in order to get you to hand over your Apple ID.

The email contains the fake confirmation of a year’s subscription to Spotify’s Premium streaming service — it’s likely intended to prey on your surprise that you may have been erroneously charged. The email prompts victims to click a link to cancel or “review your subscription.”

It’s a scam to get your Apple ID credentials, and it was caught by a cautious Reddit user. Once the scammers have your Apple ID credentials, they could have access to personal information, photos in iCloud, and the location of your Apple devices. They could even potentially make purchases without your immediate knowledge.

This scam is likely taking advantage of recent changes made to Spotify subscription payments. Spotify users used to have the option to pay for their Spotify Premium account via their Apple ID, but that’s no longer the case as of August 6, 2018. Spotify is now requiring its Premium subscribers to switch to Spotify’s own payment system.

Red flags that it’s fake

While it’s an easy scam to fall for, there are ways to check if it’s illegitimate. Check out the email below:

Reddit/The101maham

For one, there’s a grammar mistake in the email’s text where it says “You are in charged for your subscription.”

The other red flag is that the subscription email is from Spotify, yet the payment system being referenced here is your Apple ID. If there were any changes or charges made to your Spotify account using your Apple ID, the subscription confirmation email would come from Apple rather than Spotify.

Unfortunately, the screenshot taken by the Redditor doesn’t show the sender’s email address, which would likely also raise eyebrows. It might bear similarities to an official Spotify email address, but scam emails usually have some telltale signs that they’re illegitimate, like random letters and numbers in the sender’s email address.

If you click on the link in the email, it leads you to a convincing-yet-fake Apple ID sign-in screen, where you’re expected to enter your Apple ID credentials. Once you hit “Next,” the information is likely sent directly to those behind the phishing scam.

Reddit/The101maham

Above, there’s a clear sign that this Apple ID login screen is fake. The website’s URL in the browser bar starts off looking legitimate enough, with the words “myappleid-confirmcancellation,” but the following words, “aijcbtgroup…,” would never be associated with an official Apple website.

If it were real, the site’s URL address would also be green on Apple’s iOS devices, indicating that it’s a secure site with “HTTPS” certification. On computers, you should also check if it has the “https” letters at the very beginning of the URL address, as shown below:

Business Insider
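The URL check described above can also be done mechanically. The following is an added example, not part of the original article: it flags a link by looking at where the host name ends rather than how it begins, and it goes slightly beyond the article by also flagging the "@" trick. The list of official domains and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains accepted as official Apple sign-in hosts.
OFFICIAL_DOMAINS = ("apple.com", "icloud.com")

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return a list of red flags for a link that claims to be an Apple page."""
    flags = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host

    if parts.scheme != "https":
        flags.append("no https")
    if parts.username is not None:
        # Everything before '@' is login data, not the site being visited.
        flags.append("userinfo in URL")
    # The registered domain sits at the END of the host name. Words at the
    # start ("myappleid-...") are chosen freely by whoever owns the domain.
    if not any(host == d or host.endswith("." + d) for d in official):
        flags.append("host not on an official domain")
    return flags

# Constructed sample links. The URL in the article's screenshot is cut off,
# so "stand-in.example" is a placeholder, not the real phishing domain.
SAMPLES = [
    "https://appleid.apple.com/",
    "https://myappleid-confirmcancellation.stand-in.example/login",
    "https://apple.com.stand-in.example/",
    "https://appleid.apple.com@stand-in.example/",
    "http://appleid.apple.com/",
    "https://notapple.com/",
]

if __name__ == "__main__":
    # https alone does not clear a link: several samples use https
    # and are still flagged because of the host they point to.
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no red flags")
```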

Apple does have some protective measures in place — like asking you to verify a login with numbers sent to your other Apple devices or to your email address — so scammers may not get very far unless they have access to your other Apple devices or email address. Still, it’s better to be careful.

If you think you did fall victim to this phishing scam, your next move is to change your Apple ID password right away.
