A new phishing campaign targeting a global online payments system was recently discovered and, according to the researchers, the attackers have gone an extra mile to make sure they don't get spotted.
Security researchers from anti-phishing organisation Cofense have uncovered a phishing campaign against the users of Stripe. Stripe is an online payment processing service for internet businesses, which has clients all over the world. According to Cofense, the hackers were playing on the sense urgency, and the fact that many businesses can't operate without a well-functioning Stripe account, to try and trick them into giving away their credentials and, consequently, payment info.
They'd prepare an email, which resembles an official Stripe email by all means, and send it out to Stripe users. The email would say that the “Details associated with account are invalid,” and that urgent user intervention is required.
The email would then offer a link to the fake Stripe website where users would think they’d be fixing their accounts, but instead would just be giving credentials to the hackers.
This is a usual phishing tactic and nothing out of the ordinary when it comes to cybercrime. But the extra mile is seen in the way the hackers mask the URL so that even the more careful users get tricked.
As Cofense explains, by adding a simple title to the HTML’s <a> tag, the link’s true destination can no longer be seen by simply hovering over the link.
When the unsuspecting victim clicks the link, he / she is met with three websites that looks almost identical to the real Stripe page. Each has a data form: one for the email and password, one for bank data and phone number, and the third one is again for username and password. The trick is, on the third one, the victim will get a “wrong username/password” message and would be redirected to the legitimate site. That way, they wouldn’t suspect a thing.
As usual, everyone is advised not to click on links provided in email messages, and to be extra careful in analysing who the email sender really is.