In the News
Even Spotify users can be plagued by the threat of phishing. In Spotify Phishers Hijack Music Fans’ Accounts, Tara Seals at ThreatPost discusses a recent phishing attack targeting Spotify Users with the goal of stealing their passwords for future malicious use. Seals states that users were tricked with credible-looking emails asking them to input their login information. Seals explains that this form of phishing attack is used by malicious attackers to perform future credential stuffing schemes given the passwords often reused by users and that even phishing attacks have a tell that they are fake.
Our Take
Let’s let this phishing attack serve as a warning for a more dangerous potential next scheme. While many passwords may have been exposed, we can all be proactive about creating unique and secure passwords for all of our account to make sure that a future credential stuffing scheme will no impact us. Phishing attacks in general feed off of the trust that users have in companies. Many individuals do not double or triple check to make sure that an email from a company in which they hold an account is credible. Users should not have to take these additional measures to make sure that they are not falling prey to such attacks. However, the digital world that we live in makes way for such cybersecurity issues that require additional diligence on the consumer end.
Recommendations
How can you protect yourself from phishing attacks?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Use safe password practices, and take advantage of Multi-factor Authentication where possible
- Avoid clicking directly on links, whether in email or social media – always search through your search engine to verify legitimacy and find the appropriate site
- Refrain from opening suspicious attachments
- Pay particular attention to messages that threaten to cut off a service or promise unlikely rewards–these are intended to get you to act quickly without thinking ‘Stay up to date on the news regarding recent fraud and phishing attacks to see if you may have been affected