Users of the global online payments system, Stripe are being warned about a sophisticated phishing scam that aims to harvest their user credentials.
Stripe is an attractive target for cybercriminals seeking access to payment card information as it manages billions of dollars of online payments from businesses all over the world.
The phishing email, which resembles an official Stripe email explains that the “details associated with the account are invalid,” and that urgent action is required. The email then encourages users to click a link to review their details.
For any businesses relying on online transactions and payments, an account placed on hold could cause major disruption. As such, the email aims to create a sense of urgency and panic for the recipient.
By clicking the link, recipients are directed to a fake Stripe website where they are prompted to provide their credentials, including their user name, email, password, bank information, and phone number.
However, when the recipient enters their personal information, they will receive a “wrong username/password” error message and will then be redirected to the legitimate Stripe website so that they won’t suspect that the email is a scam. The email is also particularly sophisticated in the way it masks the URL so that cyber-savvy users could be easily tricked into clicking the link as the URL destination is obscured.
Unfortunately, this is not the first time that Stripe users have been targeted by phishing. As such, Stripe recommends customers to protect their accounts using strong passwords and to add an extra layer of security by enabling two-step verification.
With 90% of all data breaches caused by phishing and 3.4 billion fake emails sent every day, users must remain cautious and vigilant. Despite the increasing sophistication of these emails, there are several signs which can alert you to the presence of a phishing email.
Metaphish provides a robust defense against phishing attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.