Spotify is a popular music streaming service so it would not seem unusual for someone to receive an email from Spotify which is why identity thieves and scammers are sending out phony phishing emails that appear to come from Spotify. The email appears to be a confirmation of your subscription to Spotify’s Premium streaming service and prompts you to click on a link to either cancel or review your subscription. Certainly anyone who had not subscribed to Spotify’s Premium streaming service would be tempted to click on the link in order to dispute the charges. Clicking on the link takes you to an official appearing Apple ID login page, which prompts you to enter your Apple credentials. If you do, however, you will have turned over your Apple information to a scammer or identity thief who can use this information to gain access to your iCloud account, gain other information about you or even make purchases using your account. You might wonder why a subscription issue with Spotify would involve your Apple account, but until August 6, 2018, people could use their Apple ID to subscribe to Spotify Premium. Spotify is now requiring new customers to switch to its own payment system. Here is a link to Spotify’s website which explains this change. https://support.spotify.com/us/article/spotify-through-the-app-store/
TIPS
As always, you should never click on links or provide personal information unless you have absolutely confirmed that the email is legitimate. In the case of the various Spotify phishing emails, there are a number of indications that this is a scam. Some of the emails have grammatical or spelling errors. These errors are often found in phishing emails that originate in foreign countries where English is not the primary language. Also the email appears to come from Spotify, but the payment system being used is that of Apple. If there were a real subscription confirmation, it would come from Apple rather than Spotify. In addition, while the URL of the purported Apple sign in site the scam takes you to may appear to be a legitimate Apple URL, the URL would be highlighted in green if it were a real Apple URL and would also have the letters “https” appear at the start of the URL, which is not the case with the phony Apple URL.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”