Phishing attacks happen when a malicious source tries to get you to provide private information by pretending to be a legitimate company, coworker, or someone else you trust. They often look like official emails, websites, tweets, or Facebook posts, and can steal your personal information if you’re not on the lookout.
Stripe does send email notifications from time to time, so it is always worth checking the content of the email for the following details:
Check the web address (URL) before you click on a link. On a web browser, hover over the link and look at the URL that shows up on the bottom of your browser. Is it pointing to a page at stripe.com?
Stripe emails will come from the “stripe.com” or "e.stripe.com" domains, and you can always reply directly to the message to get in touch with us.
Only type your password into a website after confirming that it is the website you want, not one that was created to look like Stripe.
Check the domain name for typos (such as “stirpe.com”).
Check for our Extended Validation Certificate; this usually looks like a green lock next to the URL, and it lets you know that you are on the genuine Stripe website.
If you believe the email is a phishing attempt, forward the full message along with the email headers to email@example.com.