"Stripe Targeted by Phishing Campaign"
There has been a new phishing campaign discovered, targeting a global online payment system called Stripe. The adversaries performed the attack using an email, which resembles an official Stripe email, and sent the email out to Stripe users. The email would say that the “Details associated with account are invalid,” and that urgent user intervention is required. The hackers even masked their URL so that even the more careful users would get tricked. When a victim clicked on the link the user was then taken to three websites that look almost identical to the real Stripe page. Each has a data form: one for the email and password, one for bank data and phone number, and the third one is again for username and password. Once the information is entered onto the third data form, the victim will get a “wrong username/password” message and would be redirected to the legitimate site. That way, the user wouldn’t suspect a thing.