A phishing campaign targeting users of the online payment service, Stripe, has been observed. Cofense reports the online payment facilitator has been used as the basis for the ruse. The email informs users that certain details of their Stripe account are invalid and need to be corrected to prevent immediate disabling of their account. The phish uses an obfuscated button directing users to click the link to login. The use of HTML’s tag reveals only a tag for the user to review their details when the button is hovered over. The button destination is an imitation login page for Stripe that actually contains three separate login pages. These pages are used to harvest credentials and eventually redirect victims back to the legitimate login site.