Phishing attacks happen when a malicious source tries to get you to provide private information by pretending to be a legitimate company, coworker, or someone else you trust. They often look very much like official emails, websites, tweets, facebook posts, etc, and can easily get your personal information if you’re not on the lookout.

Stripe does send email notifications from time to time, so it’s always worth double-checking some key details:

• Check the URL before clicking on a link. On a web browser, hover over the link and look at the URL that shows up on the bottom of your browser – is it actually pointing to a page at stripe.com?
• Our emails will always come from the “stripe.com” domain, and you can always reply directly to the message to get in touch with us.
• Only type your password into sites after double-checking that it’s really the website you want, and not just one that’s made to look like Stripe. Check the domain name for typos (ie, “stirpe.com”). Check for our Extended Validation Certificate (find out how here); this usually looks like a green lock next to the URL, and it lets you know that you are really on Stripe’s website.
• If you suspect it might be a phishing attempt, please forward the full message along with the email headers (if you know where to find them) to us through our contact page.

Most importantly, stay alert. It’s always a good idea to have a strong password and to enable two-step verification on your account. If you need to reset your password, you can do so here.