A new scam is circulating, using a seemingly innocent request to vote for a friend in a Spotify and Google podcast event. Messages, often urgent and personal, direct recipients to a fake voting page.
The scam's primary goal is to harvest login credentials. The fake voting page, designed to look legitimate and claiming to be powered by Google, presents login options for Instagram, Email, and X.
Key red flags include the web address, which is not an official Spotify or Google domain (e.g., spotifyprime-hub.ct.ws), and the manufactured urgency in the messages. Real voting pages typically do not require users to log in via social media platforms.
Victims report account takeovers, with scammers changing passwords and sending the same malicious messages to contacts. Reused passwords can lead to further compromise of email and banking accounts. Scammers may also request screenshots to confirm login completion and gather further user details.
Spotify has confirmed awareness of these phishing messages, stating they are not associated with the company or any official events. They advise vigilance and avoiding suspicious links.
To protect yourself:
- Always verify that the full URL is on an official company domain.
- Resist messages creating urgency; real requests can wait.
- Enable two-factor authentication (2FA) on all accounts.
- Use strong antivirus software.
- Never reuse passwords; utilize a password manager.
- Directly verify unusual requests with the sender.
- Regularly check login activity on your accounts.
If you fall victim, change your password immediately, enable 2FA, review login activity, and secure any other accounts using the same credentials. The scam's effectiveness lies in its polished appearance and personal touch, making skepticism and careful inspection of links crucial for prevention.
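The URL check from the list above, written out as an added example (not code from Spotify, Google, or the original article). The allowlist, the HTTPS requirement, and every sample link except the spotifyprime-hub.ct.ws host are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: the official domains this example treats as trusted.
OFFICIAL_DOMAINS = frozenset({"spotify.com", "google.com"})


def official_host(url, allowed=OFFICIAL_DOMAINS):
    """Return the official domain the link's host belongs to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    try:
        # Normalise to ASCII so lookalike Unicode letters become xn-- labels.
        host = host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None
    for domain in allowed:
        # Exact match, or a subdomain separated by a real dot boundary.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


# Constructed sample links; only the ct.ws host comes from the article.
SAMPLES = [
    "https://open.spotify.com/show/abc",                # official subdomain
    "https://spotifyprime-hub.ct.ws/vote",              # brand name in a label
    "https://spotify.com.example.net/vote",             # official name as a prefix
    "https://spotify.com@spotifyprime-hub.ct.ws/vote",  # official name before "@"
    "http://spotify.com/vote",                          # not HTTPS
]


def triage(urls):
    """Map each link to the official domain it belongs to, or None."""
    return {u: official_host(u) for u in urls}


if __name__ == "__main__":
    for link, domain in triage(SAMPLES).items():
        print(f"{'OK  ' if domain else 'FLAG'} {link}")
```

A match only shows the link stays on an official domain; it does not vouch for the page behind it, so the other checks in the list still apply.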