Spotify Phishing

I occasionally like to check on the spam/phishing emails I receive. It's fun to see how terrible some of them truly are but then sometimes there are some that have put in a little effort. A Spotify one I received the other night was actually pretty good.

Apart from the blindingly obvious From address, they seemed to put some effort into this one. Their use of commas is perhaps worse than mine and may have been taking cues from Rimmer:

But on the whole it did make me look twice, just for a second, as earlier that day I had stopped a PayPal payment that I couldn't figure out the name for. Usually Spotify is blatantly obvious but you never know.

A screenshot of an email showing the Spotify logo and a "We're sad to see you go" message saying a payment didn't go through.

Once I'd checked the from address, I smiled. Time to check the link to see how bad it was:

https://accounts.spotify.com/authorize?scope=user-read-email&response_type=token&redirect_uri=https%3A%2F%2Faccount-management-spotify.com.artpastdark.com/&client_id={removed}

At a very quick glance, in a small bar at the bottom of the screen, that's actually not a bad attempt and would probably fool most people who just look at the first section. But if you break it down and look at the second half, you'll notice the &redirect_uri part that ships you off to somewhere which isn't quite so genuine looking.
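To make that breakdown concrete, here is an added Python example (not from the post) that pulls apart an OAuth authorize link like the one above and reports whether the redirect_uri lands on the same registrable domain as the trusted-looking host at the front. The two-label domain split is an assumption that is good enough for .com; production code would consult the Public Suffix List.

```python
from urllib.parse import urlsplit, parse_qs

# The link quoted from the phishing email above; the page redacted client_id.
PHISH_URL = (
    "https://accounts.spotify.com/authorize?scope=user-read-email"
    "&response_type=token"
    "&redirect_uri=https%3A%2F%2Faccount-management-spotify.com.artpastdark.com/"
    "&client_id={removed}"
)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (assumption: fine for .com, not for
    multi-label suffixes such as .co.uk, where the Public Suffix List is needed)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_oauth_link(url: str, trusted_domain: str) -> dict:
    """Compare the host a reader sees first with where redirect_uri actually
    sends the access token."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)          # percent-decodes values for us
    redirect = query.get("redirect_uri", [""])[0]
    redirect_host = urlsplit(redirect).hostname or ""
    redirect_domain = registrable_domain(redirect_host)
    brand = trusted_domain.split(".")[0]
    result = {
        "authorize_host": parts.hostname or "",
        "redirect_host": redirect_host,
        "redirect_domain": redirect_domain,
        "authorize_trusted": registrable_domain(parts.hostname or "") == trusted_domain,
        "redirect_trusted": redirect_domain == trusted_domain,
        # Brand name buried in the subdomain of an unrelated registrable domain.
        "brand_in_subdomain": brand in redirect_host and redirect_domain != trusted_domain,
        # response_type=token returns the token straight to redirect_uri.
        "implicit_flow": "token" in query.get("response_type", [""])[0].split(),
    }
    # Genuine front half, untrusted back half is exactly the trick described above.
    result["suspicious"] = result["authorize_trusted"] and not result["redirect_trusted"]
    return result


if __name__ == "__main__":
    for key, value in check_oauth_link(PHISH_URL, "spotify.com").items():
        print(f"{key}: {value}")
```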

While this is obvious to me and probably the few people that read this blog from Fosstodon, that would easily pass most people by.

There are some truly fantastic quality phishing emails out there that can get the best of us on a bad day. This one isn't great, but it's pretty good, although that's mostly down to the fantastic timing of me cancelling a payment.
