Online scammers are behind a ‘convincing’ spoof email which claims to be from Spotify, according to police.
Police have issued a warning about the online scam, alerting people for warning signs in emails that otherwise look legitimate.
According to a tweet from Devon and Cornwall Police Cyber Protect, emails that ask for login details, personal information or financial details are to be treated with caution, reports PlymouthLive.
The tweet, below, shows an email looks very real – but the online security experts have isolated the ways in which recipients can tell it isn’t.
The tweet reads: “Whilst this email claims to originate from #Spotify and looks quite convincing, in reality it’s been spoofed.”
It’s also got a link to an official Spotify page which spells out what emails you can expect to be sent by Spotify – and those you will not.
The music streaming giant says it will never send emails asking for payment information, passwords, social security or tax identification numbers.
It will also never request payments via a third party (for example, Western Union), never promise cash prizes through email and never ask you to download anything from an email, adding: “If you aren’t sure of an email that claims to be from Spotify — or if the sender email does not end in @spotify.com’ — don’t click any links or provide information.”
On the occasion that you already clicked, Spotify advises that you reset your password with them as well as changing your password on other sites if it’s the same.
You should also contact your bank if you have concerns that your financial information has been compromised.
You should also forward the email to [email protected], then delete the original and wait for the Spotify team to investigate and respond.
The National Cyber Security Centre has guidelines for those who believe they have spotted a suspicious message.
“Spotting scam messages and phone calls is becoming increasingly difficult. Many scams will even fool the experts,” they say.
“However, there are some tricks that criminals will use to try and get you to respond without thinking.
“Things to look out for are:
- Authority – Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency – Are you told you have a limited time to respond (such as ‘within 24 hours’ or ‘immediately’)? Criminals often threaten you with fines or other negative consequences.
- Emotion – Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity – Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Current events – Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
“If you think a message or call might really be from an organisation you have an existing relationship with, like your bank, and you want to be sure:
- Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don’t use the links or contact details in the message you have been sent or given over the phone.
- Check to see if the official source has already told you what they will never ask you. For example, your bank may have told you that they will never ask for your password.”
You can find more information on how to spot, and deal with scam emails, texts, calls and more on the NCSC website here.