What is the Spotify and Google podcast event scam?

It's a phishing scam using fake requests for votes to co-host a Spotify and Google podcast event, aiming to steal users' login credentials from various platforms.

How do scammers trick people with fake vote requests?

Scammers send messages with links to unofficial domains that mimic legitimate sites, pressuring users to log in with their social media or email credentials.

What happens if someone falls for the fake vote scam?

Victims can lose access to their accounts, face extortion, have their passwords changed, and their compromised accounts can be used to spread the scam further.

Home / Technology / Click Trap: Fake Vote Scams Target Accounts

Click Trap: Fake Vote Scams Target Accounts

7 Mar

•

Summary

Scammers use fake Spotify/Google vote requests to steal login credentials.
Phishing links often use unofficial domains like 'ct.ws' instead of company sites.
Victims lose account access, face extortion, and have their information spread.

Click Trap: Fake Vote Scams Target Accounts

A deceptive phishing scam is actively targeting individuals through messages requesting votes for a supposed Spotify and Google podcast event. These fraudulent requests, often disguised as favors from friends, feature links to unofficial domains such as spotifyprime-hub.ct.ws, which are designed to look legitimate but are not affiliated with the tech giants. The scam's primary goal is to steal users' login credentials from platforms like Instagram, email, or X. Upon entering credentials, scammers gain immediate access, change passwords and recovery emails, and then propagate the same scam to the victim's contacts, creating a rapid chain reaction. Spotify has confirmed awareness of these messages, stating they are not associated with any official events and urging vigilance. Google also directs users to resources for identifying and avoiding scams. Prevention methods include scrutinizing unfamiliar domains, resisting pressure tactics, utilizing app-based two-factor authentication, employing strong antivirus software, and using password managers for unique credentials. Verifying suspicious messages by contacting the sender separately is also advised.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.