Verify you are on an official Stripe webpage : Stripe: Help & Support

Verify you are on an official Stripe webpage

To verify that you are actually on Stripe's website, you can check that the domain that you are on is one of the following:

stripe.com
stripe.dev
stripe.events
stripe.global
link.com

If you are unsure, follow this procedure:

Look at the text displayed in the address bar. This is the URL.
If the URL starts with https://, ignore this portion of the text in subsequent steps.
Find the first / in the URL. If you see it, ignore it and everything that comes after it in the URL.
Check that the remaining text is either stripe.com, stripe.events, etc., or it ends with .stripe.com, .stripe.events, etc.

Example on Google Chrome

Example Chrome address bar

Here, Chrome doesn't show the https:// prefix in the URL. However, it does show /dashboard. This should be ignored, as we are ignoring the first / in the URL and everything that comes after it. Finally, we find that the remaining URL ends in .stripe.com, meaning that this is a legitimate Stripe web page.

Example on Firefox

Example Firefox address bar

Here, Firefox shows the https:// prefix, which should be ignored. Then, we also ignore /login, as we are ignoring the first / in the URL and everything that comes after it. Finally, we find that the remaining URL ends in .stripe.com, meaning that this is a legitimate Stripe website.

Example on Safari

Example Safari address bar

Safari, by default, doesn't show the https:// prefix here, and hides the / and everything that comes after it in the URL. We note that the URL ends in .stripe.com, meaning that this is a legitimate Stripe website.

Example URLs

These are real Stripe URLs:

https://dashboard.stripe.com/login
https://stripe.com
dashboard.stripe.com/payments
https://connect.stripe.com/express_login

These are not real Stripe URLs:

https://dashboard-stripe.com/login: the portion left after removing https:// and /login does not end in .stripe.com (notice the hyphen). This is a phishing site.
dashboard.stripe.com.example.com: the URL ends in .example.com, not .stripe.com, so this is a fake website. (There is no https:// prefix or / to remove.)

Additional information

If you have received a suspicious email that looks like it is from Stripe but appears to be a phishing attempt, contact Stripe Support.