# Verified Stripe domains

Phishing attacks happen when a malicious source tries to get you to provide private information by pretending to be a legitimate company, coworker, or someone else you trust. They often look like official emails, websites, or social media posts, and can steal your personal information. Phishing attacks can be extremely convincing, and bad actors target Stripe users, so you must remain vigilant.
Stripe is aware that bad actors who obtain Stripe users' API keys may try to trick users into enabling certain products under the threat of deactivation. **Stripe does not deactivate users for not adopting Stripe products.** If you've received such an email, check it carefully as described below and see Protecting against compromised API keys.
Stripe does send email notifications from time to time, so it is always worth checking the content of the email for the following details:
* Check the web address (URL) before you click on a link. On a web browser, hover over the link and look at the URL that shows up on the bottom of your browser. Is it pointing to a page at `stripe.com`?
* Stripe emails will sometimes come from `e.stripe.com` or `growth.stripe.com`, and you may see pages that include `stripe.events`or `go.stripe.global`. All of these are domains that are owned by Stripe.
  * `stripe.com` is where our product lives, and it is common practice for companies to choose different domains for sending emails and hosting landing pages. Doing so allows us to protect the original domain from security threats.
  * Some Stripe emails also contain links that read `https://info-link.stripe.com`, which is a redirect link owned by Stripe that directs users to Stripe proprietary content. Users should also check to make sure there is “https” in the link. All event registration pages will have the `stripe.events` domain in the url (for ex., `https://stripe.events/devxdub`).
* Only type your password into a website after confirming that it is the website you want, not one that was created to look like Stripe. Check the domain name carefully and watch out for typos, such as `stirpe.com`.
If you believe the email is a phishing attempt, [reach out to Stripe support](/contact/login).
### Additional Information
* For additional protection: make sure your Stripe account is protected using a strong password, and enable two-step authentication on your account for another layer of security.
* If you need to reset your password, you can do so in the [Dashboard](https://dashboard.stripe.com/reset).