Fake Spotify email is a phishing scam to get your Apple ID credentials

Gareth Cattermole/Getty Images

• A new scam is targeting people by disguising itself as a
  Spotify email asking you to verify your subscription information
  after being charged for a year’s subscription of Spotify’s
  Premium streaming service.
• Potential victims aren’t charged for Spotify’s Premium
  service, but may click the link in the email because they’re
  surprised to receive the email.
• The link leads you to a fake Apple ID login site that expects
  you to use your Apple ID credentials.
• Once you try to log in, your Apple ID credentials are likely
  sent to the scammers. 

A new phishing scam is targeting people by using a fake Spotify
email in order to get you to hand over your Apple ID.

The email contains the fake confirmation of a year’s subscription
to Spotify’s Premium streaming service — it’s likely intended to
prey on your surprise that you may have been erroneously charged.
The email prompts victims to click a link to cancel or “review
your subscription.”

It’s a scam to get your Apple ID credentials, and it was caught
by a cautious
Reddit user. Once the scammers have your Apple ID
credentials, they could have access to personal information,
photos in iCloud, and the location of your Apple devices. They
could even potentially make purchases without your immediate
knowledge. 

This scam is likely taking advantage of recent changes made to
Spotify subscription payments. Spotify users used to have the
option to pay for their Spotify Premium account via their Apple
ID, but that’s no longer the case as of August 6, 2018. Spotify
is now requiring its Premium subscribers to switch to Spotify’s
own payment system.

Red flags that it’s fake

While it’s an easy scam to fall for, there are ways to check if
it’s illegitimate. Check out the email below:

Reddit/The101maham

For one, there’s a grammar mistake in the email’s text where it
says “You are in charged for your subscription.”

The other red flag is that the subscription email is from
Spotify, yet the payment system being referenced here is your
Apple ID. If there were any changes or charges made to your
Spotify account using your Apple ID, the subscription
confirmation email would come from Apple rather than
Spotify. 

Unfortunately, the screenshot taken by the Redditor doesn’t show
the sender’s email address, which would likely also raise
eyebrows. It might bear similarities to an official Spotify email
address, but scam emails usually have some telltale signs that
they’re illegitimate, like random letters and numbers in the
sender’s email address.

If you click on the link in the email, it leads you to a
convincing-yet-fake Apple ID sign-in screen, where you’re
expected to enter your Apple ID credentials. Once you hit “Next,”
the information is likely sent directly to the those responsible
behind the phishing scam.

Reddit/The101maham

Above, there’s a clear sign that this Apple ID login screen is
fake. The website’s URL in the browser bar starts off looking
legitimate enough, with the words
“myappleid-confirmcancellation,” but the following words,
“aijcbtgroup…,” would never be associated with an official
Apple website. 

If it were real, the site’s URL address would also be green on
Apple’s iOS devices, indicating that it’s a secure site with
“HTTPS” certification. On computers, you should also check if it
has the “https” letters at the very beginning of the URL address,
as shown below:

Business
Insider

Apple does have some protective measures in place — like asking
you to to verify a login with numbers sent to your other Apple
devices or to your email address — so scammers may not get very
far unless they have access to your other Apple devices or email
address. Still, it’s better to be careful. 

If you think you did fall victim to this phishing scam, your next
move is to change your Apple ID password right away.