Once again, a peculiar phishing attack has surfaced online, this time, targeting Stripe users. The attack not only aims at stealing the users account credentials, but also their banking information.
Researchers from Cofense have discovered another phishing attack actively targeting Stripe users, an online payment processor. As described in their recent blog post, the phishing attack not only aims to steal users’ login data but also lures them to share their financial details.
The attack begins with bogus emails impersonating Stripe as the sender. The content of the email is enough to create a sense of panic as it informs the recipient of invalid account details. The attackers have also designed this email quite smartly as they spoof the sender’s ID as ‘Stripe Support’. They have also customized the clickable ‘Review your details’ button in the email with a custom HTML title tag. This prevents the user from seeing a preview of the embedded link while hovering the mouse on it.
Clicking on the ‘Review’ button then lands the user to the phishing website that includes a series of web pages. The first page asks the users’ credentials, submitting which redirects the user to another web page asking the bank account number and the users’ phone number. The last page then redirects the victim to the actual login page of Stripe’s website to avoid possible detection.