Phishing attacks happen when a malicious source tries to get you to provide private information by pretending to be a legitimate company, colleague or someone else that you trust. They often look like official emails, websites, tweets or Facebook posts, and can steal your personal information if you're not on the lookout.

Stripe does send email notifications from time to time, so it is always worth checking the content of the email for the following details:

• Check the web address (URL) before you click on a link. On a web browser, hover over the link and look at the URL that appears on the bottom of your browser. Is it pointing to a page at stripe.com?
• Stripe emails will sometimes come from e.stripe.com or growth.stripe.com, and you may see pages that include stripe.events or go.stripe.global. All of these are domains that are owned by Stripe.
  • stripe.com is where our product lives, and it is common practice for companies to choose different domains for sending emails and hosting landing pages. Doing so allows us to protect the original domain from security threats.
  • Some Stripe emails will also contain links that read https://info-link.stripe.com, which will be a redirect link owned by Stripe that will direct users to Stripe proprietary content. Users also should check to make sure there is "https" in the link. All event registration pages will have the stripe.events domain in the url (e.g. https://stripe.events/devxdub).
• Only type your password into a website after confirming that it is the website that you want, not one that was created to look like Stripe. Check the domain name carefully and watch out for typos (such as stirpe.com).

If you believe the email is a phishing attempt, please contact Stripe Support.

Additional information

• For additional protection: make sure that your Stripe account is protected using a strong password, and enable two-step verification on your account for another layer of security.
• If you need to reset your password, you can do so here.