How a Fake Spotify Voting Scam Is Hijacking Social Media Accounts

A convincing text scam posing as a Spotify and Google podcast vote is stealing login credentials and locking victims out of their accounts.

By Jenna Patton

The Message That Almost Fooled Everyone

It began with what seemed like a harmless request. A friend reached out asking for a quick vote to help him land a co-hosting spot at a major podcast event tied to Spotify and Google. The message felt casual, personal, and time-sensitive. "Hey, I need a quick favor. I'm in the running to co-host a major podcast event with Spotify & Google. It'd mean a lot if you could drop a vote for me. Appreciate you!"

Almost anyone would click without thinking twice. But one small detail — the link itself — raised an immediate red flag.

Soon after, a follow-up message cranked up the pressure: "Please vote for me, I would really appreciate it as the voting will be ending today." Then came a final request: "Thanks, please send me a screenshot after you voted."

That last line turned a seemingly innocent favor into something far more suspicious. This was not a friend asking for support. This was a carefully engineered scam.


What This Scam Actually Looks Like

The message claims a contact needs your support to co-host a podcast event with two of the most recognizable names in tech — Spotify and Google. It includes a link that appears legitimate at first glance.

Look closer, though, and the deception becomes obvious. The URL in question reads: spotifyprime-hub.ct.ws

That is not spotify.com. It is not google.com. The part of that name that actually matters is the registered domain, ct.ws; "spotifyprime-hub" is only a label the scammer chose underneath it, and anyone can pick a label that contains a brand name. Legitimate companies do not host major events on obscure third-party domains like this. Cybercriminals use these cheap lookalike names precisely because they are quick to set up and easy to overlook when you are scrolling fast.

What the Fake Voting Page Shows You

The fraudulent website is designed to look polished and credible. It even claims to be powered by Google. Once you land on the page, you are presented with three login options — typically Instagram, email, and X (formerly Twitter).

This is where the trap closes. The page has nothing to do with voting. Its entire purpose is to harvest your login credentials.


Red Flags That Expose This Scam

If you take a moment to slow down and examine the details, several warning signs become immediately clear.

1. The Web Address Is Wrong

The domain does not match any official Spotify or Google property. That single detail should be enough to stop you from proceeding.

2. Urgency Is Used as a Weapon

Phrases like "voting ends today" and "it would mean a lot" are deliberate emotional triggers. Scammers rely on rushed decision-making. The more pressure you feel, the less likely you are to pause and think critically.

3. Unrelated Login Buttons Are a Giveaway

A legitimate voting page has no reason to ask for the password to your Instagram, email, or X account. Even sites that offer "sign in with X" send you to the platform's own login page, on the platform's own domain, and never see your password themselves. When a site on an unrelated domain demands those credentials directly, it is almost certainly engaged in credential harvesting, the practice of tricking users into surrendering usernames and passwords.


A Real Victim's Account

One person who fell for this scam shared their experience in detail:

"I got that Twitter DM from a friend last week. I signed in to vote for him. It didn't work. Then, a day later, they hacked my account and locked me out before I could change my password. I'm still locked out. Another friend got it from me and also got hacked. They're trying to extort him to get access back. And today they tried to get into my bank accounts. It has been miserable."

This is how quickly the scam compounds. One compromised login becomes ten. Ten becomes hundreds. The infection spreads through trust networks with alarming speed.


What Happens After You Enter Your Credentials

The sequence of events following a successful phishing attempt is swift and methodical:

  1. You enter your username and password on the fake page.
  2. The scammer logs into your real account within minutes.
  3. They change your password and recovery email, locking you out completely.
  4. They send the same "vote for me" message to everyone in your contact list.
  5. If you reuse passwords across platforms, the attacker may attempt to access your email, banking, or shopping accounts using the same credentials.

This is a textbook account takeover phishing attack, and its effectiveness lies in how personal and trustworthy the initial message feels.


Why Scammers Ask for a Screenshot

The screenshot request at the end of the scam serves a calculated purpose. It confirms that you completed the fake login process, potentially exposes additional personal details visible on your screen, and keeps you engaged long enough to prevent immediate suspicion. By the time most victims realize something is wrong, the attacker has already gained full access.


What Spotify and Google Have Said

Spotify has addressed the scam directly. A company spokesperson stated: "We're aware of phishing messages falsely claiming to be associated with Spotify and other brands. These messages are not from Spotify, are not connected to any official Spotify event or activity, and are not occurring on the Spotify platform. We encourage people to remain vigilant and avoid clicking on suspicious links."

Google has directed users to its official online resources for identifying and avoiding phishing scams.


How to Protect Yourself

Always Verify the Full URL

Do not trust a brand name alone. Check that the domain matches the company's official website before clicking anything.
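The domain check described here, and in the breakdown of spotifyprime-hub.ct.ws above, can be expressed as a small rule: a host is official only if it is one of the brand's real domains or a subdomain of one; a brand name appearing anywhere else in the address is a lookalike. The following Python script is an added example, not code from the article, Spotify, or Google. The list of official domains and the sample URLs are constructed for the illustration; the only address taken from the article is spotifyprime-hub.ct.ws.

```python
from urllib.parse import urlsplit

# Domains the check trusts. Assumed for this example; a real deployment
# would load the list from policy rather than hard-code it here.
OFFICIAL_DOMAINS = {"spotify.com", "google.com"}
BRAND_TOKENS = ("spotify", "google")


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL, or '' if it cannot be parsed.

    A bare name such as 'spotifyprime-hub.ct.ws' is given an https:// prefix
    so that urlsplit() treats it as a host rather than as a path.
    urlsplit().hostname discards any userinfo part, so
    'https://spotify.com@evil.example/' yields 'evil.example'.
    """
    if "://" not in url:
        url = "https://" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. an unbalanced '[' in the authority
        return ""
    return (host or "").rstrip(".").lower()


def is_official(host: str) -> bool:
    """True only for an official domain or a subdomain of one.

    The leading dot matters: 'spotify.com.vote-now.example' does not end
    with '.spotify.com', so the suffix test rejects it.
    """
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(url: str) -> str:
    """Classify a URL as official, lookalike, unrelated, or unparseable."""
    host = hostname_of(url)
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    # The brand name in the authority, whether in the host itself or in a
    # decoy userinfo part like 'spotify.com@evil.example', is the lookalike
    # pattern this scam relies on. A brand name only in the path is not
    # part of the host and is treated as merely unrelated.
    if "://" not in url:
        url = "https://" + url
    authority = urlsplit(url).netloc.lower()
    if any(token in authority for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def triage(urls: list[str]) -> dict[str, str]:
    """Classify each URL in a message and return url -> verdict."""
    return {url: classify(url) for url in urls}


if __name__ == "__main__":
    # Constructed sample links; only the first comes from the scam itself.
    samples = [
        "spotifyprime-hub.ct.ws",
        "https://open.spotify.com/",
        "https://spotify.com.vote-now.example/login",
        "https://spotify.com@evil.example/vote",
        "https://evil.example/spotify.com/vote",
    ]
    for url, verdict in triage(samples).items():
        print(f"{verdict:12} {url}")
```

The verdicts are deliberately coarse: "unrelated" is not a clean bill of health, it only means the address is not pretending to be Spotify or Google. The useful signal is "lookalike", which is exactly what the scam's domain produces, and "official", which it can never produce.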

Resist Artificial Urgency

Scammers manufacture time pressure to short-circuit your judgment. Real requests from real friends can wait a few extra seconds for you to verify.

Enable Two-Factor Authentication

App-based two-factor authentication (2FA) adds a critical second layer of security. Even if a scammer obtains your password, 2FA can block unauthorized access. One caveat: a fake login page can ask for your one-time code as well and relay it to the real site while it is still valid, so a six-digit code only helps if you never type it into a site you have not verified. Security keys and passkeys are tied to the real site's domain and cannot be replayed by a lookalike page, which makes them the stronger choice where a platform offers them.

Install Reputable Antivirus Software

Strong security software can flag known phishing domains, warn you about suspicious links, and intercept malicious activity before damage occurs.

Never Reuse Passwords

Using a password manager to generate unique credentials for every account significantly limits the damage from any single breach.

Confirm Unusual Requests Directly

If a contact sends something that seems out of character, reach out to them through a separate channel — a phone call or a separate text — before taking any action.

Monitor Your Active Login Sessions

Most social platforms allow you to review which devices and locations are currently signed in. If you spot anything unfamiliar, log out of all sessions immediately and change your password.


What to Do If You Already Clicked

Time is critical. If you entered your credentials on a suspicious site, act immediately:

  • Change your password on the affected platform right away, and confirm that the recovery email and phone number on the account are still yours.
  • Update passwords on any other accounts where you used the same credentials.
  • Enable two-factor authentication if it is not already active.
  • Review your active sessions and revoke access from any unrecognized devices. Do this after changing the password; signing out an attacker while the stolen password still works only invites them to sign back in.
  • Alert your contacts so they know not to click any links that may have been sent from your account.
  • Monitor your bank and email accounts for unusual activity.

The Bottom Line

There is no legitimate Spotify and Google podcast co-hosting competition running on an obscure .ct.ws domain. The entire operation is designed to steal social media credentials, hijack accounts, and replicate itself through your contact list.

The scam works because it looks convincing and feels personal. That combination is precisely what makes it dangerous. The next time a message asks you for a quick vote, take three seconds to inspect the link. That brief moment of skepticism could save you days — or weeks — of very real damage.