Stripe users targeted in major phishing campaign

A new phishing campaign which aims to harvest user credentials from the online payment company Stripe has been discovered by the Cofense Phishing Defense Center (PDC).

Stripe handles billions of dollars annually, and this is why the company is such an attractive target for cybercriminals looking to gain access to payment card information and to defraud consumers.

The campaign discovered by Cofense begins with a user receiving an email which pretends to be a notification from Stripe support. The email informs the account administrator that “details associated with account are invalid.”

If the administrator fails to take immediate action, their account will be placed on hold, and this could be quite disruptive for any business that relies on online transactions and payments. Fear and urgency are often the most common emotions that cybercriminals play on, as they can lead rational people to make irrational decisions.

Stripe phishing campaign

Inside the email body, there is a button with an embedded hyperlink which reads “Review your details”. However, when this button is clicked, it redirects the recipient to a phishing page.

In most cases, a user can check the destination of a hyperlink by hovering over it with their mouse cursor. In this case, though, the true destination of the hyperlink is hidden by adding a simple title to the HTML <a> tag, so the recipient sees the title “Review your details” when hovering over the button instead of the URL.
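A mail-filtering check for the title trick described above, as an added example that is not from Cofense or Stripe: it parses an HTML email body and reports every link whose title attribute does not show the real href host. The function names, the `EXPECTED_DOMAINS` allowlist and the sample body (with `example.net` standing in for the phishing host) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the claimed sender legitimately links to.
EXPECTED_DOMAINS = {"stripe.com"}

class AnchorCollector(HTMLParser):
    """Collect href, title and visible text of every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._open = {"href": a.get("href") or "",
                          "title": a.get("title") or "", "text": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._open["text"] = self._open["text"].strip()
            self.anchors.append(self._open)
            self._open = None

def host_is_expected(host, expected=EXPECTED_DOMAINS):
    """True only for an expected domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)

def find_masked_links(html_body):
    """Return anchors whose title attribute hides the real href host."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for a in parser.anchors:
        host = urlparse(a["href"]).hostname
        if a["title"] and host and host not in a["title"].lower():
            findings.append({**a, "host": host,
                             "unexpected_host": not host_is_expected(host)})
    return findings

# Constructed sample body; example.net stands in for the phishing host.
SAMPLE = ('<a href="https://login.example.net/stripe/" '
          'title="Review your details">Review your details</a>'
          '<a href="https://dashboard.stripe.com/login">Sign in</a>')

if __name__ == "__main__":
    for f in find_masked_links(SAMPLE):
        print(f["host"], f["title"], f["unexpected_host"])
```

A title on a link to an expected domain is still reported, with `unexpected_host` set to false, so a filter can score the two conditions separately.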

The phishing page users are redirected to is an imitation of the Stripe customer login page. In fact, the phishing page consists of three separate pages. The first one aims to collect the admin's email address and password, while the second page asks for the bank account number and phone number associated with the account.

Finally, the recipient is redirected back to the account login page which shows an error message that reads “Wrong Password, Enter again”. This helps prevent the recipient from suspecting any foul play.

Stripe users should check their email cautiously and avoid clicking on any suspicious URLs to avoid falling victim to this new phishing campaign.

Anthony Spadafora
