Pretended to be Spotify. I don’t have Spotify premium, so this didn’t work on me. Better luck next time!
I’m not actually sure if the domain is entirely owned by the scammer in question, or if they just got hacked and are being exploited
Below is the full email they sent to me:
Return-Path: <support.spotify@cindyphenixmedium.com> X-Original-To: hyang@hyang.xyz Delivered-To: hyang@hyang.xyz Authentication-Results: hyang.xyz; dkim=pass (1024-bit key; secure) header.d=cindyphenixmedium.com header.i=support.spotify@cindyphenixmedium.com header.a=rsa-sha256 header.s=1724361908.cindyphenixmedium header.b=mqyZ0K3I; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=1724361908....
Pretty clever phishing attempt. The sender disguised as Porkbun, a domain name registrar, which also serves this very website!
Below is the full email sent to me:
Return-Path: <info@myhoppophop.fr> X-Original-To: hyang@hyang.xyz Delivered-To: hyang@hyang.xyz Authentication-Results: hyang.xyz; dkim=pass (1024-bit key; unprotected) header.d=myhoppophop.fr header.i=info@myhoppophop.fr header.a=rsa-sha256 header.s=1723124889.myhoppophop header.b=SLPzUN5k; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=1723124889.myhoppophop; d=myhoppophop.fr; h=From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version: Content-Type; i=info@myhoppophop.fr; bh=D2wRw82qhXPqRVI04n+5Jj1YkVSQs3pachrBoknxSCc=; b=SLPzUN5k6iEU0OemNLg/JlgHAlQCEBUr7ZWXavROMobkHAvN5Fy6DOTB0jHtlz4zYIibjbbUkGYq YFRz226ITFyMJGPCsMWG9rMuIzchoFmgYCYs4jJLVjumG11Mmg1Y4mm6fCz9vz1iOpNk3GY2nTHM Jdv5fddx4lFDhVUBUbM= From: "porkbun.com" <info@myhoppophop.fr> To: hyang@hyang.xyz Subject: Last reminder : Subscription Renewal Notification Message-ID: <87839932-4f02-84a9-7cc3-32badd5f4bde@myhoppophop....