This has been a week to remember here at The Verge. MWC 2026 in Barcelona lead straight into Apple’s week of product announcements. There was truly something for everyone, whether you’ve been wanting a company to make a phone that can start fires, or had your fingers crossed for a brand-new MacBook model that costs just $599.99. It was also a great week for gaming, with the launch of Slay the Spire 2 on Steam as an early access game, plus Pokémon Pokopia on Nintendo Switch 2, and Marathon on PC and PS5.

It was also a pretty good week when it comes to deals, especially if you’re in the market for new hardware. You can nab a free gift card with a preorder of early 2026’s most anticipated tech launching on March 11th, including Apple’s new MacBooks, plus Samsung’s lineup Galaxy S26 phones. Let’s not forget that Google’s Pixel 10A launched this week, and the gift card promo for that is happening through March 11th.

Here are this week’s best deals.

March 11th is a big day for tech launches. That’s when every product that Apple announced this past week will ship and hit shelves, including its M5-powered MacBook Air, its MacBook Pro models equipped with the M5 Pro and M5 Max processors, its affordable new MacBook Neo, the M4 iPad Air, plus two new Studio Displays. But wait, there’s more! Samsung’s Galaxy S26, the S26 Plus, and S26 Ultra launch that day, too.

With a couple exceptions (the Studio Displays and the iPad Air), you can get a gift card when you buy any of those products right now. Best Buy is the source for gift cards on most of Apple’s latest gear (including $25 with the MacBook Neo, $50 with the MacBook Air, or $100 with the MacBook Pro), while you can get one with any of Samsung’s new Galaxy S26 phones at Amazon (ranging from $100 to $200, depending on the model). Let’s not forget about the Google Pixel 10A, which launched March 5th and includes a $100 gift card through March 11th at Best Buy and Amazon.

Spring is in the air, and that means the return of many things: warmer weather, beautiful green leaves on trees, and bugs. Alright, I’m not excited about bugs, but I am excited about the return of the creatures who feast a lot of them — birds! I’m tempted to get a camera-equipped bird feeder this year, in part to let my toddler get a close look at hummingbirds, and one of the most appealing models out there is 37 percent off. Birdbuddy’s Smart Hummingbird Feeder Pro Solar is down to $189 at Birdbuddy and just $10 more at Chewy.

This model is powered by its solar panel, which works even on cloudy days (it can be recharged via USB-C if where you place it doesn’t get enough sun). Its motion-activated camera can capture 5-megapixel stills, slow motion footage, and HDR video of hummingbirds doing their thing. While these birds are often too quick to fully appreciate with the naked eye, this feeder will give you access to view them leisurely from the company’s companion app. There’s a Birdbuddy Premium subscription that starts at $69.99 per year that lets you name birds and track returning visitors, plus other features, but the base bird-viewing experience doesn’t cost extra.

If you’re into first-person shooters, you’ve probably heard of — and possibly already own — Marathon, Bungie’s anticipated PvPvE multiplayer title that’s a modern remake of one of the studio’s first games in the 1990s. The game just launched on PlayStation 5 and PC for $39.99, and you can get a small deal on the Steam PC version. Fanatical is selling Steam keys for $34.39, which is a 14 percent discount. Nothing huge, but it’s a nice price cut.

Several of us here at The Verge are playing Marathon, and are digging it so far. Its art style is unlike any other game, and admittedly, it has me strongly considering buying an OLED gaming monitor to enjoy. I need to see those neon colors pop.

Other great deals you might have missed this week

It started with a simple favor. A friend asked for help voting so he could co-host a major podcast event with Spotify and Google. The first message looked casual. It felt personal. It even had urgency.

“Hey, I need a quick favor,” the message read. “I’m in the running to co-host a major podcast event with Spotify & Google. It’d mean a lot if you could drop a vote for me. Appreciate you!”

I almost clicked. Then I noticed the link. That one detail likely saved multiple accounts. Then came a follow-up text that turned up the pressure: “Please vote for me, I would really appreciate it as the voting will be ending today.”

A final message read, “Thanks, please send me a screenshot after you voted.”

That is when it stopped feeling like a favor and began to feel like a setup. Let’s break down what is really going on here.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

What this Spotify voting text scam looks like

The message claims someone needs your vote to co-host a podcast event with Spotify and Google. It includes a link that looks official at first glance. But look closely.

The URL reads: spotifyprime-hub.ct.ws

That is not spotify.com. Major companies do not run events on random domains like ct.ws. Scammers register cheap lookalike domains because they are easy to create and hard to notice in a quick scroll. That tiny detail is the first red flag.

What the fake voting page looks like

The site looks clean. It feels polished and official. It even claims to be powered by Google. Then it gives you three options:

• Continue with Instagram
• Continue with Email
• Continue with X

That is when you need to stop. This is not about voting. It is about collecting your login credentials.

ROBINHOOD TEXT SCAM WARNING: DO NOT CALL THIS NUMBER

What gives this scam away?

If you slow down and look closely, several clear red flags jump out right away.

1. The web address

The domain is wrong. It is not spotify.com or google.com. Instead, it uses a random third-party address. That alone should stop you in your tracks.

2. The urgency

“Voting ends today.” “It would mean a lot.” Scammers rely on emotion and pressure. When you feel rushed, you stop analyzing. That is the goal.

3. The login buttons

A real voting page would not require your Instagram, email or X login. The moment a site asks you to sign in with unrelated platforms, you should assume credential harvesting, which is when scammers trick you into entering your username and password so they can steal your account.

What actually happened to someone who fell for it?

Here is what one victim shared after clicking:

“So I got that Twitter DM from a friend last week. I signed in to vote for him. It didn’t work. Then, a day later, they hacked my account and locked me out before I could change my password. I am still locked out, and it is apparently doing it to other people. Another friend got it from me and also got hacked and is locked out. They are trying to extort him to get access back. And today they tried to get into my bank accounts. It has been miserable.”

This is how fast it spreads. One login becomes 10. Ten becomes hundreds. It turns into a chain reaction.

What the scammers do after you log in?

The process is simple and brutal. First, you enter your username and password. Next, the scammer logs into your account within minutes. Then they change your password and recovery email. After that, they send the same “vote for me” message to everyone in your contacts.

If you reuse passwords, they may try those credentials on email, banking or shopping sites. This is a classic account takeover phishing scam.

Why do scammers ask for a screenshot?

This part is clever. After you “vote,” they ask for proof in the form of a screenshot. Here is why. First, it confirms you completed the login. Second, screenshots can expose usernames, email addresses or other visible details. Third, it keeps you engaged so you do not immediately realize something went wrong. However, the damage usually happens the moment you enter your credentials.

“We’re aware of phishing messages falsely claiming to be associated with Spotify and other brands,” a Spotify spokesperson told CyberGuy. “These messages are not from Spotify, are not connected to any official Spotify event or activity, and are not occurring on the Spotify platform. We encourage people to remain vigilant and avoid clicking on suspicious links.”

Meanwhile, a Google spokesperson pointed us to the company’s online guide for spotting and avoiding scams.

MICROSOFT ‘IMPORTANT MAIL’ EMAIL IS A SCAM: HOW TO SPOT IT

How to protect yourself from the Spotify voting scam

Now let’s talk prevention.

1. Always check the full URL

Look beyond the brand name in the message. If the domain is not the official company domain, do not click.

2. Slow down when you feel urgency

Scammers manufacture pressure. Real friends can wait.

3. Turn on two-factor authentication (2FA) 

Use app-based two-factor authentication (2FA) whenever possible. It adds a critical barrier.

4. Use strong antivirus software on your devices

Strong antivirus software can block known phishing sites, warn you about suspicious links and help prevent malicious downloads before damage is done. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

5. Never reuse passwords

Use a password manager to generate unique passwords for every account. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

6. Verify with the person directly

If a friend sends something unusual, call or text them separately and ask if they meant to send it.

7. Check login activity regularly

Most social platforms let you review active sessions. If you see a login from an unfamiliar location or device, log out of all sessions immediately.

What to do if you already clicked

• If you did not click, delete the message and warn your friend.
• If you did click and enter credentials, act fast.
• Change the password immediately.
• Enable two-factor authentication.
• Review login activity.
• Change any other accounts that use the same password.

Time matters here, so don’t put this off.

Kurt’s key takeaways

There is no Spotify and Google podcast voting event running on a random ct.ws domain. The entire operation exists to steal social media credentials, hijack accounts and spread further. It looks polished. It feels personal. That is what makes it effective. The next time someone asks you for a quick vote, pause and inspect the link. That small moment of skepticism can prevent days of damage.

If a message came from someone you trust, would you still stop to inspect the link before clicking? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com. All rights reserved.

Related Article

On Valentine’s Day, I brought you a story that’s since made headlines all around the world: How one man, just trying to steer his DJI robot vacuum with a PlayStation gamepad, discovered an entire network of 7,000 remote-control DJI robots ready to let him peek into other people’s homes.

To be clear, DJI had already begun addressing some of the related vulnerabilities before the man, Sammy Azdoufal, showed The Verge just how much he could access. But it wasn’t clear whether DJI would pay him for his discovery, particularly after how it treated security researcher Kevin Finisterre back in 2017 — or how soon DJI might fully patch the additional vulnerabilities that Azdoufal discovered.

Today, we have some of the answers.

DJI will pay Azdoufal $30,000 for one single discovery, according to an email he shared with The Verge, without specifying which discovery it’s paying him for. Though DJI is not naming Azdoufal, it confirms to The Verge it has “rewarded” an unnamed security researcher for their work.

DJI would also not tell us which discovery it’s paying him for, but says it has already addressed the extra vulnerability Azdoufal found where someone can view a DJI Romo video stream without needing a security pin. “We can confirm that the PIN code security observation was addressed by late February,” reads a statement provided by DJI spokesperson Daisy Kong.

You might be wondering: What about the vulnerability that seemed so bad we refused to describe it in our original story? DJI tells me it’s working on that one too: “We have also started upgrading the entire system. This includes a series of updates, which we anticipate will be fully implemented within one month.”

DJI has also published a public blog post today about strengthening the DJI Romo’s security, one where it continues to claim that it discovered the original issue itself, while also crediting “two independent security researchers” for finding the same problem.

There, DJI seems to be suggesting that everything’s already resolved with the Romo: “Updates have been deployed to fully resolve the issue.” But again, there wasn’t just one vulnerability, and DJI told The Verge that it could take as long as another month.

In the blog post, DJI also says that the Romo already has ETSI, EU, and UL certifications for security — which may raise questions about how useful those certifications really are if one guy with Claude Code could access an entire network full of robovacs! — and that it will continue to test, patch, and submit the Romo and its app to independent third-party security audits.

DJI writes that it is “committed to deepening our engagement with the security research community, and we will soon introduce new ways for researchers to partner and collaborate with us.”