To verify that you are actually on Stripe's website, you can check that the domain you are on is one of the following:
stripe.com
stripe.dev
stripe.events
stripe.global
link.com
If you are unsure, follow this procedure:
https://
, ignore this portion of the text in subsequent steps./
in the URL. If you see it, ignore it and everything that comes after in the URL.stripe.com
, stripe.events
, etc., or it ends with .stripe.com
, .stripe.events
, etc.
Here, Chrome doesn't show the https://
prefix in the URL. However, it does show /dashboard
. This should be ignored since we are ignoring the first /
in the URL and everything that comes after. Finally, we find that the remaining URL ends in .stripe.com
, meaning this is a legitimate Stripe webpage.
Here, Firefox shows the https://
prefix, which should be ignored. Then, we also ignore /login
since we are ignoring the first /
in the URL and everything that comes after. Finally, we find that the remaining URL ends in .stripe.com
, meaning this is a legitimate Stripe website.
Here, Safari, by default, doesn't show the https://
prefix and hides the /
and everything that comes after in the URL. We note that the URL ends in .stripe.com
, meaning this is a legitimate Stripe website.
These are real Stripe URLs:
https://dashboard.stripe.com/login
https://stripe.com
dashboard.stripe.com/payments
https://connect.stripe.com/express_login
These are not real Stripe URLs:
https://dashboard-stripe.com/login
: the portion left after removing https://
and /login
does not end in .stripe.com
(notice the hyphen). This is a phishing site.dashboard.stripe.com.example.com
: the URL ends in .example.com
, not .stripe.com
, so this is a fake website. (There is no https://
prefix or /
to remove.)