Stripe is a popular financial service that enables businesses to receive online and in-person payments to improve customer convenience. Unfortunately, like many online payment-related apps, it’s also one of the payment platforms fraudsters use to scam unsuspecting people. 

A Stripe scam can occur in various formats because scammers use different tactics to trick and convince victims to send them money. 

In this article, we explore popular Stripe scams and ways to avoid and protect yourself from them.

Do Scammers Use Stripe?

Stripe doesn’t have a digital wallet like Apple Pay or CashApp, which allows users to store some money. It’s a payment gateway allowing customers to use their preferred payment method on an organization’s website or app. 

Stripe serves as a bridge between the brand’s website and payment networks, like Visa or Mastercard, making it easier to process incoming payments.

Although Stripe operates as a connector and not a wallet, there are still many ways scammers use the service to commit crimes, like phishing. Learn more about these tactics and techniques below. 

3 Recent Stripe Scam Tactics To Look Out For

Most Stripe scams are carried out in different formats, but the goal remains to swindle Stripe users by pretending to be someone else. These are a few Stripe scams to look out for:

1. “Received payment” phishing scam
2. “Invalid account” phishing scam
3. “We don’t recognize this device” scam

“Received Payment” Phishing Scam

This scam targets Stripe users by sending them a fake email or text message claiming they’ve received a payment via Stripe. It’s a phishing scam where the fraudster poses as Stripe, mimicking their communication pattern and even designing the email or text message to look similar to Stripe’s.

In the email or text message sent, the scammer provides a link redirecting the victims to a malicious website. Once again, the website is designed to look identical to Stripe’s original login page. 

The victim will find a short form on the fake login page asking them to fill in their login details to access the payment. If they fall for this scam and fill out the form, the scammers steal their login information through the fake page.

With this information, they can access the victim’s Stripe account, drain the funds within, and even steal further sensitive data to commit other financial crimes.

“Invalid Account” Phishing Scam

One of the popular ways fraudsters scam victims is by pretending to be Stripe officials. They pose as customer support representatives from Stripe, gaining the customers’ trust faster. However, they usually leverage different stories as bait.

In this scam, the customer receives a fake email from what appears to be the Stripe support team. The email claims that the Stripe user’s account details are invalid and need to be “updated before they can receive pending payments.”

This added clause triggers victims to take urgent action so as not to delay their expected payments. Of course, the email provides malicious links that redirect victims to websites designed to look like Stripe’s genuine site. 

Each website is tasked with different activities:

1. The first website steals the user’s Stripe login details
2. The second one collects their banking information
3. The third one steals their bank login data

At the last step, when the customer attempts to sign in, they receive an error message that indicates they entered the wrong login details. The fake site then redirects the victim to the original Stripe login page, making it hard for the victim to realize they’ve just been scammed.

To make scams harder to detect and evade, scammers make it impossible for victims to hover over the links or sender’s address when they receive the email. This way, users are forced to click on the malicious links. 

“We Don’t Recognize This Device” Scam

This Stripe scam is particularly hard to detect because fraudsters often replicate information they see on Stripe’s legitimate alerts in their fraudulent emails, making it hard to spot the phishing.

You get a fake email notification alerting you about a new device sign-in to your Stripe account. The email could read, “We don’t recognize this device that was just used to sign in to your Stripe account,” and it may also include information about a fake IP location. 

The email further urges you to update your password through a linked button. Unknown to you, the link redirects users to a malicious site. 

The email looks genuine because the scammer copied the exact message Stripe uses in a similar email alert, making it tough to spot the scam attempt. The fraudsters further tighten their efforts by evading tell-tale signs that hint at a scam, including:

Tell-Tale Scam Signs	How Scammers Evade Them
Poor grammar	The scammers use proper spelling and punctuation in the email, with natural-sounding, fluent English
Urgency and pressure tactics	They use just the right dose of urgency to hurry customers along while also being polite to the customer
Bad URLs and random servers	The fraudsters use an unassuming, regular-looking URL with https protection. They also host the website on a proper server, not a freebie server

All of these point to the fact that the scam is more difficult to detect by an untrained eye, so caution is necessary.

How To Report a Stripe Account Scam

If you already fell victim to a Stripe scam, there are some procedures to follow to secure your account. They include:

1. Contacting Stripe
2. Reporting to your bank

Contact Stripe

File a complaint to Stripe informing them about the scam using a complaint submission form—select “Financial connections” to fill it out. You can also send an email to [email protected] and contact Stripe support immediately.

If you’re dealing with an unauthorized charge that occurred through any of Stripe’s products, such as Corporate Card or Stripe Issuing, here’s how to handle it:

• Corporate Card—Visit your dashboard and choose the fraudulent transactions that appear under Corporate Card. Select the three-dot icon at the top right, then choose “Dispute Transaction” to complete the report. Email [email protected] to report the card missing and prevent further charges to the account
• Stripe Issuing—Go to the fraudulent transaction on your dashboard and click the “Dispute Transaction” button. Fill in the required details, including evidence that could help the case. When done, submit the form and monitor the dispute status over the next 90 days 

Report to Your Bank

It’s always important to update your bank on fraudulent activity so they can keep an extra eye on your account or offer additional protection on your funds. Contact your bank’s fraud department or any financial institution linked to your Stripe account, informing them that you recently fell victim to a scam. 

The fraud team will advise you on the next steps to keep your account safe.

Protecting Your Account From Stripe Scams—Practical Tips

Phishing scams are one of the main ways through which scammers lure and trap victims into sending them money. Use the following best practices to keep your account safe from their tactics:

• Never use a login link in an email—Unless you’ve confirmed that a communication is from a verified sender, don’t click login links found in an email because scammers embed malicious links in buttons or email links. If you must log in, go to the site’s login page through your browser to review your account
• Learn more about Stripe’s verified domains—Scammers successfully phish victims by preying on their naivety. Before taking any action, carefully review domains that claim to be Stripe using this list of verified Stripe domains. Look out for typos like “Stirpe.com” to avoid phishing attacks
• Enable two-step verification on your account—In addition to a strong and unique password, activate two-factor verification on your Stripe account for an added layer of security. This way, if someone tries to hack your account using your login details, you still need to authenticate access before they can get in
• Move your large savings out of your regular checking or savings account—If a breach ever occurs on your Stripe, scammers can easily access and empty your other financial accounts. Storing your savings in high-security digital storage like FortKnox helps mitigate such risks