Scams, Hacks and Frauds: Protecting your family from Internet Scams, Con Artists and Cybercrime

Fake Music, Fraudulent Listeners, Real Prison Time: Spotify Scammed For Millions

Cee | Host of Scams, Hacks and Frauds. Season 1 Episode 29

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 8:59

Tell us your story here!

Welcome to Scams, Hacks and Frauds! In this episode, we dive deep into a fascinating true crime story about a sophisticated scam operation where Michael Smith was convicted of fraud related to fake listeners streaming AI-generated music on Spotify. This scam netted millions, exposing serious vulnerabilities in the music streaming industry.

You'll learn how this scam worked, why it matters to you, and why protecting your accounts with strong passwords is essential—even for seemingly harmless platforms.  This case is just one example of how scams and fraud continue to evolve, impacting not only individuals but also large corporations.

Join us as we uncover the mechanics behind this fraud and offer practical advice to help you identify and avoid scams before they happen.  Stay safe and informed with our weekly true crime stories focused on scams, hacks, and frauds.

We publish new content every other Monday. The short time our episodes save your wallet, and help protect your family.

If you like shows like "The Perfect Scam" or "Darknet Diaries" then this show might be for you.  

On our website you’ll find more computer hacking, identity fraud, impersonation, consumer rights and Romance Scams.  To find these and to access our transcripts, visit us at www.scamshacksandfrauds.com.

The transcript and spoken audio are available under the Creative Commons, Share Alike, With Attributions license. For more information on this visit creativecommons.org.  

t's May 11, 2017, and in an office somewhere, a data entry worker has just received an email from a new client, called Michael Smith.


Michael has sent the worker a very strange request.  He wants the worker to set up a load of accounts on Spotify - dozens of them.   You might be wondering if Mr Smith is maybe an eccentric old family member who’s decided to gift all of his relatives, no matter how distant, the gift of free music?”  No, this is something even stranger.


“Just make up names and addresses” says the email from Michael, “But make sure they’re all the same for family members, and make sure everyone is over 18”.


But why would Michael need so many Spotify accounts?  And how, in March 2026, would this lead to 5 years in prison? Find out this week on the podcast that helps keep your family safe from Scams, Hacks, and Frauds.


——


Remember to subscribe to us on Apple Podcasts, Spotify, or whatever podcast platform you prefer.


We’re going to fast-forward now to October 20, 2017; Michael is doing the books.  


He’s set up 52 different accounts on cloud computing platforms, which are services that let you rent computers in data centres to do certain tasks.  Each one of those 52 Cloud computing accounts controls 20 accounts on streaming platforms, many of them sharing family accounts - The Data Entry worker set those up as families so he doesn’t have to pay for individual accounts.


52 Cloud computing accounts, times 20 streamers, make 1040 accounts under his control at any one time.  If he had them listening to songs all of the time, that would be about 636 songs per day per account, or over six hundred and sixty one thousand songs listened to each day in total.


Now you might be wondering what Michael is going to do with so many streams, maybe he’s going to try to become the worlds biggest musician on Spotify you might think?  660,000 listens a day is a lot, but in 2017, the biggest streaming artist on Spotify was Ed Sheeran, with 3.1 billion streams.  If Michael was going to try to manipulate the charts to come out on top with his bots, it would take him over a decade to reach those sorts of figures, even if Ed Sheeran didn’t get any more listens.


But manipulating the charts is not Michael’s plan.  He doesn’t need a bigger botnet.  He just needs half a penny.


If each stream netted him a royalty of half a penny, he figures his botnet should be able to pull in about $3,300 per day, or over a million dollars a year.  All he needs to do is upload some of his own music, set his botnet to listen to them, and cash in. 



As time went on, it became harder and harder for Michael to keep doing what he was doing.  Michael would need to turn to prepaid debit cards to fund the few Spotify and cloud computing sites he did pay for, and use VPNs to cover up his activity… but by 2018, a new problem arose.  The streaming sites were catching on, and removing many of the songs he’d uploaded, and he needed more content.  He was a musician so he could create some, but that was time consuming, so he started to reach out to publicists, selling his botnet as a service to other musicians in exchange for a cut of their royalties…. but even with this Michael still found he could not put his hands on enough music in order to be able to continue his operation without creating unusually high listen levels that might attract attention.


So he did what all the kids are doing these days.  He turned to AI, and he didn’t just go onto websites and create them himself; he reached out to executives at AI companies to get them to automatically churn out musical slop.  By October 18 of 2018, he’d generated thousands of fraudulent streams of AI-created music, or as he and his co-conspirators called it, instant music, with thousands of new tracks being added every month, each one of them with Michael as the legal owner of the “Song” - I hope you can hear my air quotes as I said that.  


Almost a year later, in June 2019, they were at 88 million total streams, his botnet was earning $110,000 a month, and the AI companies were in for a 10% cut.  It's kind of a full circle, I guess, fake listens to fake music.  


Even though AI improved, his music would occasionally be caught by the streaming service.  They would contact Michael in 2018 and 2019, and tell him that his music was being remvoed due to what they called streaming abuse, and Michael would act indignant, filing appeals and complaints, and insisting that he’d not broken the terms of service, or used AI to create his music… which of course he had, even going as far as to hire Lawyers to make his case and demand his royalty payments from the body that distributes streaming royalties, the Mechanical Licensing Collective (MLC)  


But eventually, on September 3, 2024, More than 7 years after he started, the FBI attended his home in North Corlina, following an unsealed indictment in New York, and took him into custody.  He eventually plead guilty, and in March 2026 was sentenced to 5 years in prison.



Okay, so you might be wondering what this has got to do with you.  You might be thinking I’m not Spotify, I’m not in a band, what has it got to do with me?


Well, whilst Michael’s scheme involved Spotify accounts that he paid for, not all streaming scammers do that.  In 2019, Spotify users noticed they had a whole lot of songs in their listening history they’d never listened to, and, like Michael’s music, these were short, had generic artwork, and could only be found on Spotify.  Once this started to get picked up in the press, the tracks disappeared as mysteriously as they appeared.  We never found out if this was just some enterprising kid in his bedroom, organised crime, or state-linked hackers; Spotify is keeping silent.


And this could be a bigger problem than anyone realises.  Streaming fraud is estimated to cost around $2 Billion a year, and charges and convictions aren’t that common.


Streaming sites typically use a pro rata model to distribute royalties.  What that means is the cites pool together the revenue they get from ads and subscriptions, and then divide that by the number of plays.  So every time one of these fraudsters has a bot listen to their own fake song, that's money that's taken away from your favourite artist.


I know I talk about passwords a lot, the importance of using different passwords on different sites, choosing passwords that aren’t easy to crack, and enabling two-factor authentication, and if you’re using a service like Spotify, you might be thinking, who cares if they steal that password, what are they going to do… listen to some music?  Well, now you have your answer.


These hacked listeners see money that might have gone to artists you love and care about sent  literally anywhere.


The UK’s National Computer Security Centre https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words suggests either using a password manager to create good, strong, random passwords, or if you want to keep control, use three unrelated words, the longer the better.  Three words is a lot easier to remember than a bunch of random letters and characters…. And please, do turn on multi-factor or two-factor authentication where it's available, even if you think that account can’t do anything important, you never know what someone else might be able to use it for.


I’ve been Cee, and this has been Scams, Hacks and Frauds.  Please share this show with the music lovers in your life.

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

Small Town Dicks Artwork

Small Town Dicks

Small Town Dicks | Audio 99 | Daylight Media
Opening Arguments Artwork

Opening Arguments

Opening Arguments Media LLC
Skeptoid Artwork

Skeptoid

Brian Dunning