Fake Spotify podcast vote phishing targets user login credentials

It started with a simple favor. A friend asked for help voting so he could co-host a special Podcast event with Spotify And Google. The first message seemed normal. It felt personal. So it was urgent.

The message read: “Hi, I need quick service.” “I’m up for co-hosting a big podcast event with Spotify and Google. It would mean a lot if you could vote for me. Appreciate you!”

It almost clicked. Then I noticed the link. These details likely saved multiple accounts. Then came the follow-up text that added to the pressure: “Please vote for me, I would really appreciate it because voting ends today.”

The final message read: “Thanks, please send me a screenshot after voting.”

That’s when it stopped feeling like a service and started feeling like a setup. Let’s analyze what’s actually going on here.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

The scam unfolds in stages, starting with a friendly request, mounting pressure, and demanding a screenshot to confirm you’ve taken the bait. (Kurt “CyberGuy” Knutson)

What does the Spotify voting text scam look like?

The message claims that someone needs your voice to co-host a podcast event with Spotify and Google. It includes a link that looks official at first glance. But look closely.

The URL reads: Spotifyprime-hub.ct.ws

This is not Spotify.com. Big companies don’t run events on random domains like ct.ws. Scammers register cheap lookalike domains because they are easy to create and difficult to spot during a quick swipe. These small details are the first red flag.

What does a fake voting page look like?

The site looks clean. It feels polished and formal. It even claims to be powered by Google. Then it gives you three options:

• Connect with Instagram
• Contact via email
• Connect with X

That’s when you need to stop. This is not about voting. It’s about collecting your login credentials.

Robinhood Text Scam Warning: Do not call this number

The fake voting page looks convincing, but the login buttons reveal it’s designed to steal your social media credentials. (Kurt “CyberGuy” Knutson)

What gives this scam away

If you slow down and look closely, several obvious red flags will immediately appear.

1. Web address

Wrong domain. It’s not Spotify.com or google.com. Instead, it uses a random third-party address. This alone should stop you in your tracks.

2. Urgency

“Voting ends today.” “It would mean a lot.” Scammers rely on emotion and pressure. When you feel rushed, you stop analyzing. This is the goal.

3. Login buttons

A real voting page will not require you to log in to Instagram, email or

What really happened to someone he fell in love with

Here’s what one victim shared after the click:

“So I get it Twitter DM From a friend Last week I logged in to vote for him. It didn’t work. A day later, they hacked my account and locked me out before I could change my password. I’m still blocked, and he seems to be doing this to other people. Another friend got it from me and it was also hacked and shut down. They are trying to blackmail him to get access to him again. Today they tried to access my bank accounts. “It was miserable.”

That’s how quickly it spreads. One entry becomes ten. Ten becomes hundreds. It turns into a chain reaction.

What do scammers do after logging in?

The process is simple and brutal. First, you enter your username and password. The scammer then logs into your account within minutes. Then they change the password and recovery email. Then, they send the same “Vote for me” message to everyone in your contacts.

If you reuse passwords, they may try those credentials on email, banking, or shopping sites. This is a classic account takeover Phishing scam.

Why do scammers ask for a screenshot?

This part is clever. After you ‘vote’, they ask you for proof in the form of a screenshot. Here is why. First, it confirms that you have completed the login. Second, screenshots can show user names, email addresses, or other visual details. Third, it keeps you engaged so you don’t immediately realize something is wrong. However, the damage usually happens the moment you enter your credentials.

“We are aware of phishing messages falsely claiming to be associated with Spotify and other brands,” a Spotify spokesperson told CyberGuy. “These messages are not from Spotify, are not associated with any official Spotify event or activity, and do not occur on the Spotify platform. We encourage people to remain vigilant and avoid clicking on suspicious links.”

Meanwhile, A Google spokesperson She directed us to the company’s online guide to spotting and avoiding scams.

MICROSOFT IMPORTANT IMail IS A SCAM: HOW TO DETECT IT

The Spotify logo is displayed on a screen at the New York Stock Exchange in New York on May 3, 2018. (Reuters/Brendan MacDiarmid/File Photo)

How to protect yourself from voting scams on Spotify

Now let’s talk about prevention.

1. Always check the full URL

Look beyond the brand name to the message. If the domain is not the company’s official domain, do not click on it.

2. Slow down when you feel the urgency

Scammers create pressure. True friends can wait.

3. Turn on two-factor authentication (2FA)

Use application-based two-factor authentication (2FA) whenever possible. It adds a crucial barrier.

4. Use powerful antivirus software on your devices

Powerful antivirus software can block known phishing sites, warn you about suspicious links and help prevent malicious downloads before the damage is done. Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.

5. Never reuse passwords

Use a password manager to create unique passwords for each account. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

6. Check with the person directly

If a friend sends something unusual, call or text them separately and ask if they meant to send it.

7. Check login activity regularly

Most social platforms allow you to review active sessions. If you see a login from an unfamiliar location or device, log out of all sessions immediately.

What to do if you have already clicked

• If you don’t click, delete the message and warn your friend
• If you click and enter credentials, act quickly.
• Change your password immediately.
• maybe Two-factor authentication.
• Review login activity.
• Change any other accounts that use the same password.

Time is of the essence here, so don’t put it off.

Key takeaways for Kurt

There is no polling event on Spotify and Google podcast that is played on a random ct.ws domain. The entire operation exists to steal social media credentials, hijack accounts and spread further. Looks polished. It’s a personal feeling. This is what makes it effective. Next time someone asks you to take a quick vote, pause and check the link. That small moment of doubt can prevent days of damage.

If you received a message from someone you trusted, would you stop to scan the link before clicking on it? Let us know by writing to us at Cyberguy.com.

Click here to download the FOX NEWS app

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

Related article