A recent surge in phishing scams has been targeting social media users with a seemingly innocent request: to vote for a friend to co-host a major podcast event with Spotify and Google. At first glance, these messages appear casual and personal, often coming from a known contact, which makes them all the more convincing. However, this “favor” is actually a carefully orchestrated scam designed to steal login credentials and hijack accounts, setting off a chain reaction of cyberattacks that can spread rapidly through social networks.
The scam begins with an urgent message claiming that someone is in the running to co-host a podcast event involving Spotify and Google. The message typically reads something like, “Hey, I need a quick favor. I’m in the running to co-host a major podcast event with Spotify & Google. It’d mean a lot if you could drop a vote for me. Appreciate you!” This friendly and urgent tone is crafted to lower your guard and encourage a quick response. A follow-up message often increases the pressure, emphasizing that voting ends soon and asking for a screenshot confirming the vote. This request for proof may seem harmless but is, in fact, a tactic to keep you engaged and provide scammers with additional information.
The critical red flag lies in the link embedded in these messages. While it may look official at first glance, a closer inspection reveals it does not belong to the legitimate domains of the companies involved. Instead of linking to “spotify.com” or “google.com,” the URL often reads something like “spotifyprime-hub.ct.ws,” a suspicious and unrelated domain. Legitimate companies do not host major events on such obscure web addresses. Scammers exploit cheap, lookalike domains that can easily fool users who quickly scroll through messages without careful scrutiny.
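The domain check described above can be automated. The following is an added example, not code from the article or from either company; the allowlist, the brand-word list and every sample link except the `spotifyprime-hub.ct.ws` host are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domains treated as official for this check.
OFFICIAL_DOMAINS = {"spotify.com", "google.com"}
# Assumption: brand words whose presence in a non-official host marks a lookalike.
BRAND_WORDS = ("spotify", "google")


def classify_link(link: str) -> tuple[str, str]:
    """Return (verdict, host) where host is what a browser would connect to.

    verdict is 'official', 'lookalike' or 'unrelated'.
    Not handled here: internationalized (punycode) homograph domains.
    """
    if "://" not in link:
        link = "https://" + link  # chat messages often omit the scheme
    parts = urlsplit(link)
    # .hostname drops any "user@" prefix and port, which a quick glance misses.
    host = (parts.hostname or "").rstrip(".").lower()

    for domain in OFFICIAL_DOMAINS:
        # Domains are read right to left: accept the domain itself or a true
        # subdomain ("open.spotify.com"), never a mere substring match.
        if host == domain or host.endswith("." + domain):
            return "official", host

    # A brand name anywhere in the authority part of a non-official link
    # is the lookalike pattern the article describes.
    if any(word in parts.netloc.lower() for word in BRAND_WORDS):
        return "lookalike", host
    return "unrelated", host


# Constructed sample links; only the first host appears in the article.
SAMPLES = [
    "https://spotifyprime-hub.ct.ws/vote",
    "https://open.spotify.com/show/example",
    "https://spotify.com.vote-now.example/login",
    "https://spotify.com@vote-now.example/login",
    "https://notspotify.com/",
    "accounts.google.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, host = classify_link(sample)
        print(f"{verdict:10} {host:30} {sample}")
```

The third and fourth samples show why reading only the start of a link is not enough: both begin with `spotify.com`, yet the host the browser contacts is `vote-now.example`.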
Once you click the link, you are taken to a polished, professional-looking site that mimics an official voting page. It may even claim to be powered by Google, adding to its perceived legitimacy. However, the true purpose of this site is not to collect votes but to harvest your login credentials. The site asks you to log in using your social media accounts, such as Instagram, Twitter (now known as X), or email. This is a glaring warning sign—real voting pages would not require unrelated social media logins. The moment a website asks for these credentials, it is likely trying to steal your username and password.
Victims of this scam have reported immediate and severe consequences. One individual shared their experience of receiving the phishing message from a trusted friend, entering their credentials, and then quickly losing access to their account. Within a day, their account was hacked, passwords and recovery emails were changed, and they were locked out. The scammer then used the compromised account to send the same fraudulent messages to the victim’s contacts, spreading the scam further. In some cases, attackers have attempted to access victims’ bank accounts, escalating the damage beyond social media.
This rapid spread is what makes the scam particularly dangerous. One compromised account can lead to dozens or even hundreds of additional victims in a short time frame. The scam relies on a simple but effective process: you enter your login information; the scammer uses it immediately to take over your account; they lock you out by changing recovery details; and then they impersonate you to reach your contacts with the same fraudulent message. If you use the same password across multiple platforms—a common but risky habit—scammers may try those credentials on your email, financial services, or shopping sites, potentially causing widespread damage.
The request for a screenshot after voting serves multiple malicious purposes. It confirms to the scammer that you completed the login process, provides them with visible personal information such as usernames or email addresses, and keeps you engaged long enough to delay suspicion. In reality, the damage often occurs the moment you submit your credentials.
Both Spotify and Google have issued warnings about these phishing scams. A Spotify spokesperson clarified that these messages are not affiliated with Spotify, do not represent any official event, and do not occur on the official Spotify platform. Similarly, Google directs users to resources for recognizing and avoiding scams. Despite these warnings, the scam continues to thrive because it leverages trust, urgency, and deceptive website design.
Preventing this type of scam requires vigilance and a few key security practices. First and foremost, always verify the domain name before clicking any link, especially if the message urges immediate action or applies pressure. Official companies use consistent, recognizable domains—any deviation should raise suspicion. Remember that real
