Cybercriminals have devised a phishing campaign that takes aim at customers of the online payment processing company Stripe, with the intention of stealing their credentials, compromising their accounts and presumably viewing their payment card data.
The attackers employ two clever tricks to hide their malicious activity. First, they use a technique to block email recipients from viewing the destination of a malicious embedded link when they hover over it with their cursor. Then, after stealing victims’ login credentials, they use a fake log-in error message as a sneaky way to transition them back to the legitimate Stripe website.
The phishing emails appear to be an alert from Stripe Support, warning recipients that certain details associated with their account are invalid. Recipients are urged to quickly resolve their issues to avoid having their accounts frozen.
“This is cause for panic among businesses that rely solely on online transactions and payments. Fear and urgency are the most common emotions threat actors play on, spurring otherwise rational people to make irrational decisions,” Salvia states in the blog post.
The emails also contain a “Review your details” button, which, if clicked, sends users to a phishing site that impersonates Stripe. Unfortunately, cautious recipients who hover the cursor over the button before clicking will not see the hyperlink’s malicious destination.
“The true destination of this hyperlink is obscured by adding a simple title to HTML’s tag, which shows the recipient the title ‘Review your details’ when the recipient hov ..
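A defender-side check for the hover masking described above, as an added example that is not from the article or the quoted blog post: it parses an HTML email body and reports links that carry a `title` tooltip which does not contain the destination host while the `href` points outside an allowlist. The allowlist contents, the sample message and every hostname in it are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the impersonated brand legitimately links to.
TRUSTED_HOSTS = {"stripe.com"}

# Constructed sample body; every hostname in it is made up for illustration.
SAMPLE = """
<a href="https://phish.example.net/login" title="Review your details"><b>Review your details</b></a>
<a href="https://dashboard.stripe.com/" title="Open dashboard">Dashboard</a>
<a href="https://other.example.org/help">Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect href, title and visible text of every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._open = {"href": a.get("href") or "", "title": a.get("title"), "text": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def is_trusted(host):
    # Exact match or true subdomain; "stripe.com.evil.example" does not pass.
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def audit_links(html_body):
    """Return links whose title tooltip hides an untrusted destination host."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for link in parser.links:
        host = urlsplit(link["href"]).hostname  # lower-cased by urlsplit
        if not host or link["title"] is None:
            continue  # no remote destination, or no tooltip override
        if host in link["title"].lower() or is_trusted(host):
            continue  # tooltip still shows the host, or destination is allowed
        findings.append({"host": host, "title": link["title"], "text": link["text"].strip()})
    return findings
```

Calling `audit_links(SAMPLE)` reports only the first link; the untitled link is left to other checks because nothing overrides its hover text.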