Phishing attacks happen when a malicious source tries to get you to provide private information by pretending to be a legitimate company, coworker, or someone else you trust. They often look like official emails, websites, tweets, or Facebook posts, and can steal your personal information if you’re not on the lookout.

Stripe does send email notifications from time to time, so it is always worth checking the content of the email for the following details:

• Check the web address (URL) before you click on a link. On a web browser, hover over the link and look at the URL that shows up on the bottom of your browser. Is it pointing to a page at stripe.com?
• Stripe emails will sometimes come from e.stripe.com or growth.stripe.com, and you may see pages that include stripe.events or go.stripe.global. All of these are domains that are owned by Stripe.
  • stripe.com is where our product lives, and it is common practice for companies to choose different domains for sending emails and hosting landing pages. Doing so allows us to protect the original domain from security threats.
  • Some Stripe emails will also contain links that read https://info-link.stripe.com which will be a redirect link owned by Stripe that will direct users to Stripe proprietary content. Users also should check to make sure there is “https” in the link. All event registration pages will have stripe.events domain in the url (e.g. https://stripe.events/devxdub).
• Only type your password into a website after confirming that it is the website you want, not one that was created to look like Stripe. Check the domain name carefully and watch out for typos (such as stirpe.com).

If you believe the email is a phishing attempt, please reach out to Stripe support.

Additional Information

• For additional protection: make sure your Stripe account is protected using a strong password, and enable two-step verification on your account for another layer of security.
• If you need to reset your password, you can do so here.