
Scam alert: Spotify subscription phishing email

Your Spotify subscription hasn’t been ‘paused’ – this fake email is actually after access to your bank details. Have you received it? Here’s what it looks like.

Last week Spotify announced that it had reached 130 million subscribers, despite concerns over how the pandemic may affect people’s listening habits.

With so many active customers, it’s no surprise that scammers would see the brand as a target for fake emails – we saw exactly the same thing with Netflix.

As with all phishing emails, it’s vital you take the time to look at the email in detail. Perhaps most importantly, do not be rushed into following instructions by its wording.

‘We’re sad to see you go’

If you’re a Spotify customer, you’d understandably be alarmed to read that a service you pay for has just been cut off – but this is exactly how the scammers want you to feel.

Like other phishing emails we’ve seen, the email address this has been sent from is clearly nothing to do with the brand it purports to be from.

However, emails like this rely on their fraudulent use of official branding and calls to action (‘get premium’) to make you fail to notice the signs that it’s a scam.

Clicking through on this email would more than likely have taken the recipient to a fake website requesting your bank details as well as other sensitive information.

We made Spotify aware of this phishing email via its online contact form. It hasn’t responded yet, but we’ll add in any comment when it does.

How to deal with phishing emails

If you’ve received an unsolicited email asking you to complete an action, take a moment to investigate. Have you actually lost access to the service? Why would your payment details suddenly fail?

If things don’t quite add up, take the precaution of contacting the company concerned directly via its official channels.

If you think you’ve handed over sensitive information to scammers, contact your bank immediately and tell it what’s happened.

We have a comprehensive guide on how to get your money back after a scam available here.

Have you received this phishing email? Seen one similar purporting to be from another brand? Report it to us in the comments, or email scamwatch@which.co.uk


Comments
Alan Ferrier says:
8 May 2020

Have you reviewed VIP auctions? Another ‘legal’ scam.

Robert Christie says:
8 May 2020

I had many dubious calls, about many different things which “would improve my life”. My usual reply is, how would you like one of my pet porcupines inserted in (an appropriate orifice)! This depends on the sex of the caller. Have had many NO REACTION to my comments, but with those who retaliate I believe they are INDIVIDUAL scammers. I am 82 YO, still have a few marbles up top, so try to decipher genuine caller (telephone) or scammer on email! Any info. from Which? is welcome.

David Devore says:
8 May 2020

I have just received an email from TV Licensing saying I’m due a refund. I suspect that this is a scam. Who do I report it to? Is Which? willing to act as a public clearing house for reports and is it willing to act as a public database for these (rather like SNOPES)?

Chris says:
8 May 2020

report@phishing.gov.uk

is the new government email address to send scam emails to so they can start to do something about them (as per the moneysavingexpert.com website).

Andrew Wadsted says:
8 May 2020

Forward any emails you believe to be phishing to report@phishing.gov.uk

Coincidentally, I had one from TV Licensing telling me my renewal failed because the debit card they had on record had expired. I wasn’t due to pay them for at least six months and the address was a dead giveaway!

Isabel says:
8 May 2020

Had the same email, TV licence isn’t up till July. Also had an email for car MOT which isn’t up till September.

Does it really pay them to try this? I suppose so if there are enough of us who don’t keep alert, like you obviously do!

John Bolt says:
8 May 2020

Like David Devore I received an email supposedly from TV Licensing. It threatened bailiffs because they could no longer collect my direct debit for the monthly instalment. What the prats did not realise, in my instance, was that I am too old to pay the licence. I haven’t been liable for a long time. I ‘phoned Licensing, just in case of an error, and they confirmed: 1) they would never send an e-mail and 2) they would address me with my full name. The email was addressed to [my email address].

[Moderator: we’ve edited this comment to remove a personal email address. To protect yours and others’ privacy, please don’t post personal contact details. For more information see the Community guidelines]

David says:
8 May 2020

Send them to the new government department that deals with them!
I am surprised ‘Which?’ didn’t give the link.

report@phishing.gov.uk

David Reaves says:
8 May 2020

I am on a mission to complain to companies who send emails from a domain that does not 100% match their website. The ones from Which? are an example:
Sender: info@mail.which.co.uk
Why can’t Which? send from info@which.co.uk so we can be 100% sure it is genuine? Virtually all companies do it and I can see no reason for it.
TomTom, instead of sending from tomtom.com, send from tomtom_uk@mailgb.custhelp.com so I have to do extensive checking before clicking on any links.
Banks do it. If sent from hsbc.co.uk, one would know instantly that it was not a scam and would avoid the need to do any other checks.
Would Which? please explain their policy and give us a reason why they make scam detection so difficult for us?

This is more to do with how companies have set up their email and email services than any deliberate attempt to mislead, though I take your broader point about how this isn’t always the most clear for people.

You’ll often see companies use an address such as mail.example.com for their email service so that it doesn’t impact on other services running off the main domain, and adds an extra layer of security against spamming or spoofing domains (we do this with mail.which.co.uk). Where you see companies using something like companyname@mail.differentdomain.com it is possible they are using an external provider to host and send their email. Impossible to speak for everyone here, as how organisations configure their tech setups will vary.

One key flag is always the root domain (e.g. example.com), so if in any doubt it’s worth contacting the sender via their website or other channels. Lots more guidance on this in our guide to spotting spoofed or dodgy websites: https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-fake-fraudulent-or-scam-website

Scamalot

George – Without detracting from Which?’s new Scam Alert service I think it would be helpful to include the link to the government’s new reporting tool [as provided by Chris and David above] in this and all other Conversations about scams past and future.

It is good that you have rounded them all up in one place at https://conversation.which.co.uk/tag/scams/

These scammers only have to get one or two hits a day from their random attacks and they can make more in a week than most people can in a month and all without any effort or paying tax on it – the victims have already done that for them.

Ronald Burton says:
8 May 2020

Almost fell to one purporting to come from my PayPal account to say that it had been closed for infrequent use.
Only use it for Spotify in the main.
Would really like PayPal to be aware of this

I find it interesting that the phishing emails directed at me have dried up recently. I am aggressive with fraudsters: I greet them as ‘Mr/Ms Fraudster’ on the telephone; I forward phishing emails to the company that the sender is purporting to represent; and even involved the police when a fraudster attempted to collect goods that had been “mistakingly” delivered using my name and address. That last one took several weeks and some expense to deal with. The banking organisation financing the deal returned my letter of complaint to its CEO unopened. However, the office of the CEO of the supplier of the goods appeared to take the issue seriously although they never bothered to write an apology for the inconvenience that I had been caused.

Well, Greycinic, it’s difficult to go phishing if the stream has dried up.

Ronald Burton says:
10 May 2020

Had reminder that my TV licence would not be renewed unless I make a payment. Didn’t think that at 85 I needed one!

[Moderator: we’ve converted this to sentence case – please don’t write in all caps unless you’re intending to shout]

Ronald.
Free TV Licensing for over-75s comes to an end on 1st August 2020, unless you or your partner receive Pension Credit, but as this won’t be issued automatically you will still need to apply for it.

As the BBC continue to advertise their own programmes and we are obliged to suffer frequent unwelcome repeats, I fail to see any justification for this.

Yes, the withdrawal of the TV licence fee exemption is timed to catch me before I can enjoy it but I have stopped buying a daily newspaper to compensate and I am quids in. The saving not only pays the TV licence fee but also covers my annual ISP charge and a fair proportion of the cost of broadband.

I am enjoying some of the repeats that I missed the first time round but it’s not so good when even the repeats are broadcast again . . . and again . . . and again.

Stu says:
12 May 2020

In addition to the obvious “check the sender/does it look plausible?” guidance, what our corporate IT security people usually offer (to assist their investigation) is to send the suspect spam or phishing mail to their investigating email address (e.g. spoof@ebay.co.uk) as an attachment, i.e. not to forward the suspect mail directly.

A complete message enables the email header information to be analysed, whereas forwarding the suspect mail does not capture the information which could be used to stop the fraudsters.

Lastly, bin and ideally digitally shred the suspect item to reduce the risk of a later/inadvertent click!
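To illustrate the two technical points raised in the comments above (the root domain as the key flag for a sender address, and attaching rather than forwarding a suspect mail so its headers survive), here is a small header-triage script. It is an added example, not code from Which? or any commenter; the `.eml` sample is constructed with invented `.example` addresses and IPs, the brand root `spotify.com` is assumed, and the function names (`triage`, `belongs_to`, `sender_domain`) are hypothetical.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample .eml (all addresses, hosts and IPs are invented): the
# kind of "subscription paused" mail the article describes, saved whole so
# the Return-Path and Received headers survive.
SAMPLE_EML = """\
Return-Path: <bounce@spotify-billing-update.example>
Received: from mx.spotify-billing-update.example (unknown [203.0.113.7])
\tby mail.recipient.example with ESMTP; Fri, 08 May 2020 09:12:00 +0000
From: "Spotify" <no-reply@spotify-billing-update.example>
Reply-To: support@spotify-billing-update.example
To: victim@recipient.example
Subject: Your Spotify subscription has been paused
Content-Type: text/plain

We're sad to see you go. Get premium: [link removed]
"""

SENDER_HEADERS = ("From", "Return-Path", "Reply-To")


def sender_domain(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def belongs_to(domain, brand_root):
    """True if domain is brand_root or a subdomain of it: mail.which.co.uk
    belongs to which.co.uk, while which.co.uk.evil.example does not."""
    return domain == brand_root or domain.endswith("." + brand_root)


def triage(raw_eml, brand_root):
    """Check each sender-related header present against the brand's root
    domain and count Received hops; returns a dict of findings."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = {}
    for name in SENDER_HEADERS:
        value = msg.get(name)
        if value is None:
            continue  # header absent, nothing to compare
        dom = sender_domain(value)
        findings[name] = {"domain": dom, "brand_match": belongs_to(dom, brand_root)}
    # Inline forwarding drops these; an attached .eml keeps every hop.
    findings["received_hops"] = len(msg.get_all("Received", []))
    findings["suspicious"] = any(
        not findings[n]["brand_match"] for n in SENDER_HEADERS if n in findings)
    return findings
```

Run `triage(SAMPLE_EML, "spotify.com")` to see every sender header flagged as off-brand; a genuine mail from `info@mail.which.co.uk` checked against `which.co.uk` comes back clean.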