The Cofense Phishing Defense Center (PDC) discovered a new phishing campaign aimed at retrieving user identification information from online payment company Stripe.
Stripe manages billions of dollars each year, which makes the company an attractive target for cybercriminals looking to access payment card information and defraud consumers.
The campaign discovered by Cofense begins with a user receiving an email claiming to be a support notification from Stripe. The email informs the account administrator that "the account information is invalid."
If the administrator does not act immediately, the email warns, the account will be put on hold, which could significantly disrupt online payment and transaction-based activities. Fear and urgency are often the emotions cybercriminals exploit most, because they can cause rational people to make irrational decisions.
Gang phishing campaign
In the body of the email, there is a button with an embedded hyperlink that says the following: "Please verify your information." However, when this button is clicked, it redirects the recipient to a phishing page.
In most cases, a user can verify the destination of a hyperlink by hovering over it with the mouse cursor. In this case, however, the true destination of the hyperlink is hidden by adding a simple caption (a title) to the hyperlink's HTML tag, so the recipient sees the title "Browse Your Data" when hovering over the button instead of the URL.
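
A mail-triage check for the hover trick described above, as an added example that is not code from Cofense or from the campaign: it parses an HTML email body, lists every link's real host, and flags links that carry a title and point outside the domain the sender claims to be. The names `LinkAudit` and `audit_links`, the expected domain `stripe.com`, and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkAudit(HTMLParser):
    """Collect every <a> element with its href, title attribute and visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._open = None  # the <a> currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._open = {"href": a.get("href") or "", "title": a.get("title"), "text": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data  # also captures text nested in <b>, <span>, ...

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._open["text"] = " ".join(self._open["text"].split())
            self.links.append(self._open)
            self._open = None


def audit_links(html_body, expected_domain):
    """Return one finding per link; expected_domain is the domain the sender
    claims to represent (an assumption supplied by the analyst)."""
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    findings = []
    for link in parser.links:
        host = (urlsplit(link["href"]).hostname or "").lower()
        on_brand = host == expected_domain or host.endswith("." + expected_domain)
        findings.append({"text": link["text"], "host": host,
                         "has_title": bool(link["title"] and link["title"].strip()),
                         "off_brand": not on_brand})
    return findings


# Constructed sample (not taken from the campaign): a button-style link with a title.
SAMPLE = ('<p>The account information is invalid.</p>'
          '<a href="https://login.phish.example/verify" title="Browse Your Data">'
          '<b>Please verify your information</b></a> '
          '<a href="https://support.stripe.com/">Help</a>')
```

A link with both `has_title` and `off_brand` set is the pattern worth surfacing to an analyst, since the title is what the recipient reads on hover while the href decides where the click goes.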