The Cofense Phishing Defense Center (PDC) published research Thursday on a phishing campaign that aims to harvest credentials from Stripe, the online payment facilitator handling billions of dollars annually, making it an attractive target for threat actors seeking to use compromised accounts to gain access to payment card information and defraud consumers.
Companies that are profitable, disruptors, or trendy may be higher profile targets than other organizations. Threat actors realize that emerging companies may have data security gaps due to their success and rapid growth. As customer popularity grows for a company, so do cyber threats against it.
In this case, the cyber threat is targeting its customer base under false pretenses of the Stripe name. Stripe seems to have done a good job of providing information on its website with tips that should help users avoid getting phished.
Companies who want to secure their growth and protect the data privacy of their customers should do two things: 1) keep their customers well informed about steps to avoid phishing attempts, and 2) look at data-centric security to minimize risks from data breaches or data incidents.