Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data.
The attackers employ two clever tricks to hide their malicious activity. First, they use a technique to block email recipients from viewing the destination of a malicious embedded link when they hover over it with their cursor. Then, after stealing victims’ login credentials, they use a fake log-in error message as a sneaky way to transition them back back to the legitimate Stripe website.
Researchers from Cofense’s Phishing Defense Center recently uncovered the phishing plot and exposed it in an Oct. 17 blog post written by threat analyst Milo Salvia.
The phishing emails appear to be an alert from Stripe Support, warning recipients that certain details associated with their account are invalid. Recipients are urged to quickly resolve their issues to avoid having their accounts frozen.
“This is cause for panic among businesses that rely solely on online transactions and pa ..
Support the originator by clicking the read the rest link below.
