
Even Spotify isn’t safe - when did scammers get so smart?

Keeping up with the latest phishing scams is absolutely vital when you’re running a business - and it’s pretty important outside of the office too, if you want to keep your tech secure. Phishers are always coming up with new and inventive ways to coerce you into giving them your cash - from sextortion to iTunes gift cards, no scam is too low.

Luckily, there are always some great telltale signs that the email you’re reading is a fake - bad grammar, bad sentence structure, or even a bad storyline (find out about the ‘assassin’ that contacted us here). But recently something landed in our inbox that nearly had us fooled.

This email is one of the slickest scams we’ve seen in a while. From the graphics to the language, it’s obvious that a crafty phisher has spent some time on it. However, it’s still possible to see through the cracks - if you know where to look.

Spotify, is that you?

The wording of this phishing email is so good, we’re a little bit impressed. ‘We hate to be the bearer of bad news’ is very on brand for services like Spotify; casual and friendly, very unlike the phishing emails you might be used to.

The graphics are also pretty convincing; the Spotify logo, button and text almost match the graphics from a real email from Spotify, as you can see from the two images below. These phishers have taken it to the next level, from the banner to the font size.

[Image: real Spotify email]

[Image: fake Spotify email]

Clearly, time has been spent on this phishing email so that you’re less inclined to look closely; everything in this email is intended to convince you that it’s your good friend Spotify, just letting you know that there’s a problem.

How can I possibly know which emails are real when the fake ones look this good?

Many of the usual indicators of a scam are noticeably absent from this email. There are none of the sneaky little typos often present in phishing emails. Often there’s a deadline involved, ‘reply within 48 hours’, ‘your account will be frozen in 24 hours’ to pressure you into clicking first and thinking later, but this email bears none of those hallmarks.

However, this email doesn’t manage to go under the radar entirely. If you check the sender, you’ll notice it isn’t @spotify, but @mypartytheme. We’re not sure which direction Spotify are currently taking their business, but we’re almost certain they aren’t branching out into party planning. The part after the @ should be a huge red flag, because that part is the sender’s domain, and it should always belong to the company the email claims to be from. If it’s followed by anything other than Spotify’s domain, then your email definitely isn’t from Spotify.

The other tried and tested technique for telling the legitimate emails from the forgeries is hovering over the links. For example, if you move your cursor over the ‘Confirm your account’ button in this email, you’ll notice it doesn’t send you to Spotify, but instead sends you to someone at ‘My Party Theme’.
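As an added example (not part of the original post), here is a small Python script that applies both of those checks automatically: it reads the domain after the @ in the From header and collects the real targets behind every link in the body, then flags anything that doesn’t belong to the brand the email claims to be from. The brand domain list, the sample message and the mypartytheme.example / example.com names are assumptions constructed for this example.

```python
# Added example, not from the original post: apply the two checks the article
# describes to a constructed message. Does the domain after '@' in From belong to
# the claimed brand, and do the link targets point there? All names are constructed.
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"spotify.com"}  # assumed domains a genuine sender would use

SAMPLE_EML = """\
From: Spotify <no-reply@mypartytheme.example>
To: you@example.com
Subject: We hate to be the bearer of bad news
Content-Type: text/html; charset=utf-8

<html><body>
<p>We hate to be the bearer of bad news, but your payment was declined.</p>
<a href="http://mypartytheme.example/confirm">Confirm your account</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects every href, the way hovering over each link would reveal it."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_matches(host, brand_domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def check_email(raw, brand_domains=BRAND_DOMAINS):
    """Return (sender_domain, link_hosts, red_flags) for a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    link_hosts = [urlparse(h).hostname or "" for h in collector.hrefs]
    flags = []
    if not domain_matches(sender_domain, brand_domains):
        flags.append(f"sender domain {sender_domain!r} is not a brand domain")
    flags += [f"link points to {h!r}, not the brand" for h in link_hosts
              if not domain_matches(h, brand_domains)]
    return sender_domain, link_hosts, flags
```

Run `check_email(SAMPLE_EML)` to get two red flags for the constructed message: the sender domain and the link target both point at mypartytheme.example rather than the brand.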

The important thing to remember is to never click a link in a phishing email. The best case scenario is that it’ll take you to a bogus web page to get you to put all your card details in. The worst case scenario is that clicking the link automatically downloads a ton of nasty malware onto your machine and your card details are snapped up anyway.

Any email that’s requesting you confirm your banking details, payment details or card details should be regarded with suspicion. If in doubt, head to the website yourself and check whether a payment has been declined recently.

What’s the point of pretending to be Spotify?

After a quick web search you can find a few comment threads about suspicious emails from Spotify. According to Spotify, they can’t even access card details and they are not viewable from personal accounts. However, a lot of people who have fallen victim to Spotify scams have found themselves down by $119.88 - the exact amount for a year long subscription to Spotify Premium.

We can only hazard a guess on what phishers might want with Spotify card details. Confirming your card details to a fraudulent person on the internet very rarely leads to anything good, and obviously, once they’ve got your digits they can spend away until you notice your savings rapidly depleting.

We suspect that your card details may be set up against new Spotify accounts, which are then sold on the dark web for a fraction of the annual subscription fee. This way, the phishers abandon the account with another person’s card details on it, leaving the buyer to take the fall (if it comes to that, of course). In addition, any debit to your card will come up as ‘Spotify’ on your bank statement - and you’re far less likely to flag that transaction as suspicious, letting the criminals get away scot-free.

Is there anything we can do about this, besides not get scammed ourselves?

Spotify say if you get a weird looking email, forward it to spoof@spotify.com. Other than that, there’s not much any of us can do except stay one step ahead of the phishers, and be overly suspicious of every single email that arrives in our inbox.

Tweet us @TranscenditUK

