Stripe is an online platform that enables businesses to process payments. It handles billions of dollars annually and counts many reputed brands among its clients. This makes Stripe an attractive target for hackers.
How does the campaign work?
An email pretending to be from Stripe support informs the account administrator that the details associated with the account are invalid.
What happens next?
After entering the details, the victim is redirected to the account login page. Here, an error message, ‘Wrong Password, Enter Again’, is displayed, leading the victim to believe that an incorrect password was entered. The victim is then redirected to the legitimate site to avoid raising suspicion.
Staying safe
Researchers from Cofense who analyzed this campaign have published Indicators of Compromise (IOCs) that you can keep an eye on.
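The final redirect to the legitimate site, described above, can also be looked for in web-proxy logs: a form POST to a non-Stripe host, followed shortly by a request to the real Stripe site that names that host as referrer. The Python below is an added example, not code from Cofense or the original article; the log format, host names, timestamps and 60-second window are constructed assumptions, and it presumes the proxy records full URLs and the Referer header.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

LEGIT_DOMAIN = "stripe.com"      # the brand impersonated in this campaign
WINDOW = timedelta(seconds=60)   # assumed tuning value, not from the article

# Constructed sample proxy log: time, client, method, url, referer ("-" if none)
SAMPLE_LOG = """\
2019-01-01T09:00:01 10.0.0.5 GET https://dashboard.stripe.com/login -
2019-01-01T09:00:09 10.0.0.5 POST https://dashboard.stripe.com/login https://dashboard.stripe.com/login
2019-01-01T09:14:30 10.0.0.7 POST https://login.example.test/stripe/verify https://login.example.test/stripe/
2019-01-01T09:14:41 10.0.0.7 GET https://dashboard.stripe.com/login https://login.example.test/stripe/verify
2019-01-01T09:20:00 10.0.0.9 POST https://intranet.example.test/form -
2019-01-01T09:45:00 10.0.0.9 GET https://stripe.com/ -
"""

def is_legit(host):
    # Exact domain or a true subdomain only, so "stripe.com.evil.test" fails.
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def parse(line):
    ts, client, method, url, referer = line.split()
    ref_host = urlparse(referer).hostname if referer != "-" else None
    return datetime.fromisoformat(ts), client, method, urlparse(url).hostname, ref_host

def find_bounces(log_text):
    # Flag: POST to a non-Stripe host, then within WINDOW the same client
    # reaches the real site with that host as the referrer.
    last_post = {}   # client -> (time, host) of the latest off-domain POST
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, ref_host = parse(line)
        if method == "POST" and not is_legit(host):
            last_post[client] = (ts, host)
        elif is_legit(host) and client in last_post:
            post_ts, post_host = last_post[client]
            if ts - post_ts <= WINDOW and ref_host == post_host:
                alerts.append((client, post_host, ts.isoformat()))
                del last_post[client]
    return alerts

if __name__ == "__main__":
    for alert in find_bounces(SAMPLE_LOG):
        print("possible credential-phish bounce:", alert)
```

A page that suppresses the Referer header will not match, so a hit is a lead for investigation rather than proof, and a miss proves nothing.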
Worth noting
“Another interesting factor in this attack was the credential compromised. The attackers were able to obtain the login details for a press[@]company[.]org email address, which also granted them access to the victim company's MailChimp account,” says Aaron Higbee, Cofense CTO.