Overview
- Germany’s Verbraucherzentrale flags a Spotify‑themed email that claims a failed payment and urges users to “update payment method” within 48 hours.
- The Spotify message is designed to steal credit‑card details and login credentials, with red flags such as no personal salutation, a dubious sender, time pressure, and embedded links.
- Separately, PayPal users report emails about a new address and an expensive purchase that tell them to call a phone number, which connects directly to scammers posing as support.
- Bleeping Computer reports that attackers abuse the “additional line” field of a PayPal address to inject a complete fake confirmation, so the notice is sent from PayPal’s own servers and bypasses filters; PayPal was notified, and the status of a fix for this method is unclear.
- Consumer advisers urge recipients not to click links or call numbers in such messages, to verify account status only via the official app or website, and to mark suspicious emails as spam.
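
The address "additional line" abuse described above works because free text from a profile field ends up in a notification sent by the service itself. The following is an added example, not code from the article, PayPal, or Bleeping Computer: a server-side check that a service could run on such a field before storing it or rendering it into mail. The length cap, keyword list, and function name are assumptions chosen for illustration.

```python
import re
import unicodedata

MAX_LEN = 60  # assumed cap: a real "Apt 4B" style line is short

# URLs or bare domains have no place in a second address line.
URL_RE = re.compile(r"(https?://|www\.)|\b[\w-]+\.(com|net|org|info|io|de)\b", re.I)
# Nine or more digits with only phone-style separators between them.
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){9,}")
# Constructed list of words typical of fake confirmations, not of addresses.
LURE_RE = re.compile(
    r"\b(call|contact|support|refund|purchase|payment|confirm\w*|transaction|order|charged?)\b",
    re.I,
)

def check_address_line(value: str) -> list[str]:
    """Return the reasons a value is unfit for an address 'additional line'.

    An empty list means the value looks like an ordinary address fragment.
    """
    reasons = []
    text = unicodedata.normalize("NFKC", value)  # fold look-alike forms first
    if len(text) > MAX_LEN:
        reasons.append("too_long")
    # Line breaks and invisible format characters let a field imitate message layout.
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in text):
        reasons.append("control_chars")
    if URL_RE.search(text):
        reasons.append("url")
    if PHONE_RE.search(text):
        reasons.append("phone_number")
    if len(LURE_RE.findall(text)) >= 2:
        reasons.append("lure_wording")
    return reasons

# Constructed sample of an injected "confirmation" (fictional 555-01xx number).
INJECTED = (
    "Your purchase of $899.00 was confirmed.\n"
    "If you did not make this order, call +1 (555) 010-0199"
)

if __name__ == "__main__":
    for sample in ("Apt 4B, Building C", INJECTED):
        print(repr(sample[:30]), "->", check_address_line(sample) or "ok")
```

Rejecting at input time matters here because the resulting message is authenticated as coming from the service, so sender-based checks on the recipient side will not flag it.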