Fake Spotify Customer Support Account Takeover Scam
Scammers pose as Spotify customer support agents through social media or email and offer to help users recover access to their Spotify account, but the 'recovery' process hands over credentials to the attacker.
Part of: Fake Customer Support Scams
Last reviewed: 7 June 2026
When a Spotify account gets hijacked — a common occurrence since Spotify credentials appear in many leaked password databases — the account holder often turns to social media or search engines for help. Scammers monitor these channels and position themselves as helpful support agents, ready to resolve the problem quickly.
The intervention feels reassuring because it arrives at a moment of genuine stress. The attacker's knowledge of Spotify's interface and support language makes the conversation feel authentic. Victims who are desperate to regain access to their playlists and subscription are more likely to follow instructions without sufficient scrutiny.
This scam is particularly effective on platforms like Twitter/X, where victims publicly tag @SpotifyCares seeking help — scammers monitoring that tag can respond within minutes with a direct message posing as Spotify.
How this scam works on the Spotify brand
Spotify's real customer support is accessed through support.spotify.com or through the @SpotifyCares handle on social media — the verified, blue-badged account. Spotify support agents will never ask for your account password through any channel, and they handle account recovery through Spotify's internal systems, not through a link they provide in a DM.
A fake agent messages the distressed user with a professional-sounding opener: 'Hi, I am from Spotify Support. I can see your account issue. Let me walk you through the recovery steps.' They ask for the registered email address and then send a fake 'recovery link' to that address — which is actually a phishing page. Alternatively, they ask the victim to share their current password 'for account verification'.
In some cases, the scammer instructs the victim to visit a fake Spotify support page and enter both their old and new passwords, ostensibly to 'confirm identity' — giving the attacker both the existing credentials and a view of whatever new password the victim chose.
Common red flags
- A social media account claiming to be Spotify Support sends you a DM after you post about an account problem
- The support account does not have a verified badge or its name differs slightly from @SpotifyCares
- The 'support agent' asks for your Spotify password for any reason
- A 'recovery link' sent by the agent leads to a non-spotify.com domain
- The agent asks you to share both your current and new passwords as part of the recovery
- The conversation moves quickly and the agent seems eager to resolve the issue without the usual identity verification steps
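The 'non-spotify.com domain' red flag can be checked mechanically before anyone clicks. The following is an added example, not part of the original article and not Spotify's own tooling; the function name `check_recovery_link`, the single-domain allowlist and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption taken from the red flag above: only spotify.com and its
# subdomains count as genuine.
TRUSTED_DOMAIN = "spotify.com"


def check_recovery_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a link received in a DM or email."""
    # Browsers read "\" as "/" and drop tabs and newlines, so a URL holding
    # them can resolve to a different host in the browser than it does here.
    if any(ch == "\\" or ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False, "contains a backslash, whitespace or control character"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "not a parseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised hostname, possible look-alike"
    # Compare the whole host: text before "@" or in the path proves nothing.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host " + host + " is under " + TRUSTED_DOMAIN
    return False, "host " + host + " is not under " + TRUSTED_DOMAIN


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://support.spotify.com/us/article/my-account-was-hacked/",
    "https://support.spotify.com.account-help.example/login",
    "https://spotify.com@account-help.example/reset",
    "https://spotify.com-recovery.example/",
    "http://support.spotify.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_recovery_link(link)
        print("OK  " if trusted else "FLAG", link, "->", reason)
```

A link that passes this check only has a plausible host; the advice to never give a password to anyone claiming to be support still applies.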
How to protect yourself
- Access Spotify support only at support.spotify.com or via the official @SpotifyCares account on social media
- Never share your Spotify password with anyone claiming to be support
- Change your Spotify password immediately if your account was genuinely accessed without your permission
- Use a unique password for Spotify, different from your email password, to limit further exposure
- Report any fake support accounts on Twitter/X using the platform's reporting tools
How to report it
- Report phishing to Spotify at [email protected]
- Report the fake support account on the social media platform where it appeared using that platform's reporting tools
- File a report with the FTC at reportfraud.ftc.gov (US) or with Action Fraud at actionfraud.police.uk (UK)
- If your account was accessed, complete the recovery steps at support.spotify.com
Frequently asked questions
Does Spotify Support ever DM customers on social media?
Spotify's official @SpotifyCares account does engage with customers on social media, including through direct messages, to provide support. However, the genuine @SpotifyCares account is verified with a blue badge. Critically, it will never ask for your password or direct you to log in through a link it provides.
Why do scammers monitor social media hashtags and mentions?
Public posts about account problems are an invitation for fraudsters. They require no special access to find — anyone can search for '#SpotifyHelp' or mentions of @SpotifyCares. This is why public posts about account issues carry a risk of attracting fake support responses.
How do I recover a genuinely hijacked Spotify account?
Go to support.spotify.com and use the 'Reset password' function, which sends a link to your registered email address. If you no longer have access to that email, follow the official account recovery process at support.spotify.com/us/article/my-account-was-hacked/.