Security researchers have discovered a new phishing campaign targeting Spotify users. In this campaign, hackers send emails to Spotify users that pose as coming from the music streaming service. The phishing campaign was discovered by AppRiver.
Anyone who clicks through from one of the phishing emails is redirected to a malicious website. The website is specially built to trick victims into giving up credentials such as their user ID and password.
The credentials can allow the hacker to gain access to online and banking accounts. As always, cybercriminals can sell the stolen credentials on the dark web.
David Pickett, a cybersecurity analyst at AppRiver, told Threatpost, “Knowing just one password for a victim opens the door to a multitude of attack vectors.” “Knowing how someone creates a password offers a personal glimpse into their password creation mindset and probability of overall attack success. This also gives an opportunity for social engineering using the same information which is important to the victim.”
Researchers also fear that hackers may feed the stolen credentials into a password cracker to generate passwords for a hybrid password attack.
Pickett also said, “Password-cracking software such as John the Ripper and Cain and Abel are popular utilities for these attacks, but there are many others.”
AppRiver researchers warned Spotify users to check the URL in every email message they receive and not to open any link in an email blindly.