Earlier this year, a hacker was convicted of breaking into cloud storage accounts and stealing unreleased music from big artists like Coldplay, Shawn Mendes, and Bebe Rexha. They then sold it on the dark web for a tidy £42,000 ($56,600) profit. While this case was a direct hack, phishing is a similar growing cybersecurity threat that affects big artists and indie musicians alike.
Phishing is a scam where someone tries to trick you into sharing sensitive info, like passwords and financial details, via fake emails, DMs, or log in pages. To put it into perspective, a whopping 3.4 billion phishing emails are sent worldwide everyday. Phishing can lead to all sorts of problems, from losing control of your accounts to having your music stolen. But, if you learn how to recognize and avoid phishing attempts, and take steps to secure your accounts and website, you can successfully protect your creative work and your career.
Protect your accounts
If you haven’t already, create a separate professional email to use solely on music platforms and business-related accounts. Keeping personal and music/business emails separate makes it much harder for a phishing attack on one account to compromise your other accounts. A password manager can also be a big help here. This tool can generate and remember strong passwords, and make them unique for each of your accounts. If possible, choose a password manager with extra security features, like breach alerts that will tell you if any of the sites you use have had a data leak.
Also, turn on two-factor authentication (2FA) everywhere. This adds an extra security step when you log in, like a code on top of your password. Just be aware that 2FA via text messages isn’t the most secure option, as hackers can potentially intercept your texts or even hijack your phone number through a SIM-swap attack. A better alternative is to use a 2FA authentication app. This generates a new code every time you want to log in, and it does so locally on your device. So even if a hacker knows your password or phone number, they still won’t be able to log in without the new code from your app.
Learn to spot and avoid phishing attempts
Over 80% of online breaches involve human error, like clicking on a phishing link by accident, according to a Verizon report. This highlights the importance of security awareness training, which helps online music creators learn to spot phishing attempts and avoid giving away sensitive information. A good first step to verify an email is to check the sender’s address is genuine and matches the official address of the platform or person it’s supposed to be from. A fake address may look almost identical to the real one, but with tiny typos or extra numbers or punctuation that can be easy to miss at first glance. Also, look out for wrong domains (like spotify-support@gmail.com instead of the official @spotify.com). If the sender looks suspicious or doesn’t match the platform, report it as spam.
When you read the email, hover over any links before you click them. The link should be spelled right, and use the correct domain. If it looks suspicious, don’t click it. Instead, type the official website into your browser to verify information or log in securely. And if you’re still unsure, get in touch with the person or platform directly to ask about the email.
Keep your website updated
You can also keep your website and plugins updated to further prevent phishing attempts. Regular updates patch security weaknesses that hackers can otherwise use to create fake login pages or redirects away from your site. Set a reminder to check for updates at least once a week, or opt for automatic updates if they’re available. Backing up your site regularly is another good safety net. So, if you get hacked or phished, you’ll still have all your original content and music, and can restore it quickly. Luckily, most hosting providers make this easy with one-click backups and restores. So you don’t need any technical know-how.
With phishing on the rise, cybersecurity needs to be a priority for all online music creators. If you learn how to recognize phishing attempts, protect your accounts, and keep your website secure, you’ll successfully keep you and your music business safe.