Are you getting tons of login emails for your music streaming service like Spotify? You could be the target of a phishing attack.
Hackers are constantly scouring the internet for new account dumps to check against popular websites like Spotify. For example, MGM Resorts experienced a data breach in 2022, resulting in 28 million email addresses being exposed alongside other personally identifiable information. When data breaches like this hit the web, hackers get to work verifying leaked email addresses and password combinations. Let’s explore how one of these phishing attacks can work.
Jane stayed at an MGM Resort in 2020 and her email address [email protected] was exposed. Now the hacker wants to access Jane’s Spotify or Deezer account associated with that email address. The attacker does this by requesting a login link for the account, which the service then sends to Jane by email. An email like this arrives in Jane’s inbox:

Photo credit: Deezer
“I didn’t try to log in to my Deezer account,” Jane thinks to herself, and she clicks the pink “Connect Now” button. Jane has just given her attacker access to her Deezer account. These phishing emails are legitimate password reset and login links, but they were initiated by the attacker rather than by Jane herself. Another clue in the email is the login location: the request occurred at 8:56 p.m. in Asia/Shanghai. Jane is from California and has never visited Asia.
How to Avoid Login Phishing Attacks – Spotify, Deezer, Apple Music and More
You can avoid these phishing attacks by never clicking on a link that lands in your inbox unless you requested it yourself. If Jane had simply deleted the email instead of clicking the login button, the attack would have been thwarted. The attacker is relying on you to click the link so they can gain access to the account.
- Use a unique password that you have never used before.
- Never reuse your music streaming password anywhere.
- Do not use Facebook, Google, etc. to log in. Use your email address instead.
- Enable 2FA on your email account. Spotify does not support 2FA.
There have been numerous reports of Spotify login phishing attacks dating back to 2011. Some accounts receive over 30 phishing emails per day from places like Germany, the UK, the Netherlands, Asia, etc.
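The location clue in Jane’s email and the daily flood of requests described above can also be checked on the service side before a login link is ever sent. The sketch below is an added example, not code from Spotify, Deezer or the original article; the log format, the per-account profile of known time zones and the threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log of login-link requests (not real data).
# Format: UTC timestamp, account id, time zone the request was geolocated to.
SAMPLE_LOG = """\
2024-05-01T12:56:00Z account=jane tz=Asia/Shanghai
2024-05-01T13:10:00Z account=jane tz=Europe/Berlin
2024-05-01T13:42:00Z account=jane tz=Europe/Amsterdam
2024-05-01T18:05:00Z account=jane tz=America/Los_Angeles
2024-05-01T09:30:00Z account=sam tz=Europe/London
"""

# Hypothetical profile: time zones each account owner has logged in from before.
KNOWN_ZONES = {"jane": {"America/Los_Angeles"}, "sam": {"Europe/London"}}

def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into (day, account, time zone)."""
    timestamp, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return timestamp[:10], kv["account"], kv["tz"]

def review_login_link_requests(log_text, known_zones, max_unfamiliar_per_day=2):
    """Decide per account and day how login-link emails should be handled."""
    requests = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            day, account, tz = parse_line(line)
            requests[(account, day)].append(tz)
    decisions = {}
    for (account, day), zones in requests.items():
        unfamiliar = [tz for tz in zones if tz not in known_zones.get(account, set())]
        if not unfamiliar:
            action = "send"      # every request came from a familiar zone
        elif len(unfamiliar) <= max_unfamiliar_per_day:
            action = "warn"      # send, but put the unfamiliar location up front
        else:
            action = "throttle"  # stop mailing links; these look attacker-initiated
        decisions[(account, day)] = {
            "unfamiliar_zones": sorted(set(unfamiliar)),
            "action": action,
        }
    return decisions

if __name__ == "__main__":
    for key, decision in review_login_link_requests(SAMPLE_LOG, KNOWN_ZONES).items():
        print(key, decision)
```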