Fake Stripe Payout Hold — Account Takeover Scam
Fraudsters send emails claiming Stripe has placed a hold on the merchant's next payout due to a compliance review and direct them to a fake Stripe dashboard to resolve it — harvesting login credentials and 2FA codes to take over the Stripe account.
Part of: Account Takeover Scams
Last reviewed: 7 June 2026
Stripe's payout system deposits funds to a merchant's bank account on a regular schedule. Because merchants depend on these payouts for cash flow, a message claiming a hold has been placed creates immediate financial anxiety — anxiety that scammers exploit to override the recipient's usual caution.
The fake payout-hold email arrives from an address mimicking Stripe's compliance team. It states that a recent review of the merchant's account has identified a compliance issue and that the current payout cycle has been paused pending resolution. A 'Resolve Issue' button leads to a pixel-perfect replica of the Stripe dashboard login page, capturing the merchant's email and password.
After login, the fake dashboard may display a convincing compliance checklist, asking the merchant to re-enter payment card details, upload business documents, or confirm their bank account — all of which feed sensitive data to the attacker. Simultaneously, the attacker uses the stolen credentials on the real Stripe dashboard to change payout bank details to their own account.
How this scam works on the Stripe brand
Real Stripe compliance holds and payout delays are communicated through the actual Stripe dashboard at dashboard.stripe.com, which the merchant can access independently by navigating directly to the URL. Genuine emails from Stripe about payout issues originate from @stripe.com and direct merchants only to dashboard.stripe.com — never to a third-party URL.
The fake dashboard is designed to feel interactive: merchants may see a fabricated 'payout details' page showing their expected settlement amount on hold. This level of detail makes the scenario feel credible. In reality, the merchant's real Stripe dashboard, accessed directly at dashboard.stripe.com, would show the payout status accurately — and in most cases there would be no hold at all.
Some sophisticated campaigns use a real-time reverse proxy that forwards requests to the genuine Stripe dashboard while intercepting credentials and session tokens. This means the merchant is essentially interacting with the real dashboard through the attacker's infrastructure, making the fake site functionally indistinguishable from the real one — until the attacker acts.
Common red flags
- A payout-hold notice from an email address other than @stripe.com
- Hovering over the 'Resolve Issue' link shows a destination other than dashboard.stripe.com
- A compliance checklist on a fake dashboard that asks for card details or document uploads
- An OTP or authentication code request that arrives while you are on the fake site
- The merchant's real Stripe dashboard shows no corresponding hold when accessed directly
- Urgency language: 'Payout will be permanently cancelled if not resolved within 48 hours'
- A request to re-enter or update the payout bank account details via an external link
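The first two red flags can be checked mechanically on a reported email. The sketch below is an added example, not Stripe's or this page's own code; the helper names (red_flags, host_is_trusted, LinkCollector) and every address and host in the sample message are constructed for illustration. It compares the parsed hostname of each link rather than searching the URL for "stripe.com", since a lookalike URL can contain that string without pointing there.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "stripe.com"  # the only domain this page says genuine mail and links use

# Constructed sample message; every address and host in it is made up.
SAMPLE = """\
From: Stripe Compliance <compliance@stripe-payouts.example>
Subject: Payout on hold
Content-Type: text/html; charset=utf-8

<a href="https://dashboard.stripe.com.review.example/login">Resolve Issue</a>
<a href="https://dashboard.stripe.com@payout-check.example/">Dashboard</a>
<a href="https://dashboard.stripe.com/payouts">Payouts</a>
"""

def host_is_trusted(host):
    """True only for stripe.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw_email):
    """Return red flags for one raw message (hypothetical helper)."""
    msg = message_from_string(raw_email)
    flags = []
    # From can be forged, so a match proves nothing; a mismatch is the red flag.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != TRUSTED:
        flags.append(f"sender domain: {sender}")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:
        url = urlsplit(href)  # .hostname drops any "user@" prefix
        if url.scheme in ("http", "https") and not host_is_trusted(url.hostname):
            flags.append(f"link host: {url.hostname}")
    return flags
```

Calling red_flags(SAMPLE) flags the sender and the first two links and leaves the genuine dashboard.stripe.com link alone.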
How to protect yourself
- Always navigate to dashboard.stripe.com directly — never via a link in an email
- Enable two-factor authentication on your Stripe account using an authenticator app
- Verify your payout bank account in Stripe settings regularly and check for unauthorised changes
- Contact Stripe support at support.stripe.com if you have concerns about a payout delay
- Use a password manager that fills your credentials only on stripe.com domains, so they are not entered on a phishing page
- Brief your finance team on this attack pattern so multiple eyes can catch suspicious emails
- Set up email notifications for payout-bank-account changes in Stripe's notification settings
How to report it
- Forward phishing emails to [email protected]
- Report through Stripe's support portal at support.stripe.com
- If payout bank details were changed, contact Stripe support immediately to revert them
- File a complaint with the FTC at reportfraud.ftc.gov
- Report to the FBI's IC3 at ic3.gov if funds were diverted
Frequently asked questions
How does a real Stripe payout hold appear?
A genuine Stripe payout hold shows as a notice inside your Stripe dashboard when you log in at dashboard.stripe.com. You will receive an email from @stripe.com, but the authoritative source is always the dashboard itself.
Can attackers really change my Stripe payout bank account through a phishing attack?
If an attacker obtains your Stripe login credentials and 2FA code, they can change payout bank account details from within the dashboard. Enable two-factor authentication and review your payout settings regularly to detect any unauthorised changes.
How quickly do payout changes take effect in Stripe?
Stripe typically requires a short verification period before a new payout bank account becomes active. Reporting a compromised account to Stripe quickly through support.stripe.com may allow them to intercept a payout to an attacker-controlled account.