A phishing campaign has been identified attempting to harvest customers’ bank account information and user credentials.
The Cofense Phishing Defense Center (PDC) researchers who discovered the Stripe phishing campaign found that the attackers use a “Review your details” button that redirects customers to their phishing pages while hiding the link’s actual destination.
“The true destination of this hyperlink is obscured by adding a simple title to HTML’s tag, which shows the recipient the title ‘Review your details’ when the recipient hovers over the button instead of the URL,” the researchers wrote.
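The hover-masking trick described above can be checked for on the receiving side. The following Python script is an added example for this article, not code from Cofense or Stripe: it parses the HTML body of a message, collects every anchor, and reports links whose destination host is outside an assumed allow-list of trusted domains, noting when a title attribute is present to mask the hover preview. The sample message body and the lure domain (a reserved .invalid name) are constructed for the example and are not indicators from the campaign.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body in the style described in the article. The host
# "stripe-example-lure.invalid" is a placeholder, not a real indicator.
SAMPLE_EMAIL_HTML = """
<p>This is a confirmation that the details associated to your account is currently invalid.</p>
<a href="https://stripe-example-lure.invalid/login" title="Review your details">Review your details</a>
<a href="https://stripe.com/docs">Read the docs</a>
"""

# Assumed allow-list: hosts that a genuine Stripe notification would link to.
TRUSTED_DOMAINS = {"stripe.com"}


class AnchorCollector(HTMLParser):
    """Collects href, title and visible text for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = {"href": None, "title": None, "text": ""}
            for name, value in attrs:
                if name in ("href", "title"):
                    self._current[name] = value

    def handle_data(self, data):
        # Text between <a> and </a> is what the recipient actually sees.
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.anchors.append(self._current)
            self._current = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' for relative/mailto links."""
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def flag_suspicious_links(html):
    """Return links whose host is not trusted, with a flag for hover masking.

    'masked' is True when the anchor carries a title attribute, the technique
    the article describes: the tooltip shows the title text rather than the URL.
    """
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for a in parser.anchors:
        href = a["href"] or ""
        host = host_of(href)
        if not host or is_trusted(host):
            continue
        findings.append({
            "href": href,
            "host": host,
            "text": a["text"].strip(),
            "masked": a["title"] is not None,
        })
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_links(SAMPLE_EMAIL_HTML):
        marker = "MASKED" if f["masked"] else "plain"
        print(f"[{marker}] '{f['text']}' -> {f['href']}")
```

Run against the sample, the script reports only the lure link and marks it as masked; the real stripe.com link passes. Both signals are ordinary in legitimate mail on their own, so treating them as a combined score feeding a mail-filter rule is the realistic use, rather than blocking on either alone.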
As phishing bait the campaign uses an invalid account notification, with a fake Stripe support message stating “This is a confirmation that the details associated to your account is currently invalid” and that “Failure to attempt to this issues your account will be place on hold.”
The phishing site is a replica of the Stripe customer login page and consists of three pages. The first page harvests the admin’s email address and password, while the second asks the customer for the bank account number and phone number associated with the account.
On the third page, the customer is redirected back to the account login page, where an error message “Wrong Password, Enter Again” is displayed. This message leads the customer to believe that they have entered their password incorrectly and redirects them “back to the legitimate site, so the recipient doesn’t suspect foul play.”
On the company’s support site, Stripe states that it also sends customers email notifications. Tips have been provided to help users avoid getting phished, such as checking a web address before clicking on it.
Stripe also recommends that customers use strong, unique passwords for their accounts and enable two-step verification.