Researchers have discovered a phishing campaign aimed at the streaming service; although it is very simply crafted, it is important that information about it is disseminated.
Researchers from a cybersecurity and digital forensics firm discovered a phishing campaign aimed at Spotify, the popular music streaming service. In this campaign, discovered in early November, the attackers used emails to try to deceive users of the streaming platform. The attackers' goal is to get users to hand over the access credentials to their accounts.
The email used by the criminals includes a link that redirects users to phishing websites that prompt them to enter their username and password. The attackers use the stolen information to compromise the Spotify accounts and any account on other services where the user reuses the same password.
“In this campaign the attacker tries to trick users into clicking on a phishing link, redirecting them to a deceiving website. Once on this site, users were asked to enter their username and password, which gives the attacker the ability to hijack an account,” the digital forensics specialists' report mentions.
The attackers set up a page identical to the legitimate Spotify login page; it differs only in its URL, something that almost no user verifies.
The attackers tricked the victims into clicking a green button with the words “CONFIRM ACCOUNT”. The messages inform users of a supposed restriction on their accounts and ask them to click the button to reactivate the account. After clicking this button, the user was redirected to the aforementioned deceiving website.
According to the specialists in digital forensics, this campaign is put together in a very simple way, and a user attentive enough to the details could detect it without much trouble.
The security report published by the investigators pursued a single objective: the experts wanted to share information about a campaign that could deceive users unfamiliar with technology. Even if it is not a critical attack campaign, the information needs to be disseminated.
According to information from a cybersecurity firm, Spotify has nearly 60 million active users across more than 50 countries, which has established the platform as the fastest-growing music service worldwide.