Scam links detected on Spotify, users should be cautious
As the world's largest music and podcast platform, Spotify is increasingly becoming a target for cybercriminals. Fraudsters publish playlists on Spotify with misleading titles, such as "Sony Vegas Pro 13 Crack", and add links that lead to fraud or malware sites. At the same time, they use spam podcasts in which AI-generated voice messages advertise illegal downloads or cheats.
Another aspect of the scam involves exploiting third-party platforms like Firstory, a podcast hosting service. Scammers use these tools to upload fraudulent podcasts, which are then automatically distributed to Spotify and other streaming services. The minimal oversight required for publication makes it easier for spam content to proliferate.
Karol Paciorek, who describes himself as a cybersecurity enthusiast, was apparently the first to notice the problem. He highlighted the security issue on X, sharing an example of an affected playlist.
Spotify has now removed problematic content, as the company announced in response to a request from BleepingComputer. However, the streaming provider has not yet specified how it intends to take long-term action against cybercriminals. When exploring Spotify playlists, users should remain especially cautious moving forward, paying close attention before clicking on any external links.
Source(s)
X (formerly Twitter) / Karol Paciorek