A phishing campaign using fake invalid account Stripe support alerts as lures has been spotted while attempting to harvest customers’ bank account info and user credentials using booby-trapped Stripe customer login pages. Stripe is one of the top online payment processors, a company that provides the payment logistics internet businesses need to accept payments over the Internet from their e-commerce customers. This makes Stripe users the perfect target for threat actors looking to get their hands on their banking info, seeing that the company handles billions of dollars in payment every year.
Full story here: https://www.bleepingcomputer.com/news/security/stripe-users-targeted-in-phishing-attack-that-steals-banking-info/
Commenting on the story is Jonathan Deveaux, head of enterprise data protection at comforte AG:
“Companies that are profitable, disruptors, or trendy may be HIGHER profile targets than other organizations. Threat-actors realize that emerging companies may have data security gaps due to their success and rapid growth. As customer popularity grows for a company, so do cyber-threats against it.In this case, the cyber-threat is targeting its customer base under false pretences of the Stripe name. Stripe seems to have done a good job of providing information on its website with tips that should help users avoid getting phished.Companies who want to secure their growth and protect the data privacy of their customers should do two things: 1) Keep their customers well informed about steps to avoid phishing attempts, and 2) Look at data-centric security to minimize risks from data breaches or data incidents.”
Article Link: http://digitalforensicsmagazine.com/blogs/?p=2836