Fake Stripe, Square, or merchant payment processor phishing — fraudulent email impersonating Stripe, Square, or a payment processing platform claiming the recipient's merchant account has been restricted, suspended, or flagged for chargebacks or high-risk activity — directing them to verify their identity, provide business tax information, submit their SSN or EIN, confirm bank routing details, or click a link to resolve the restriction — a high-value phishing attack targeting business owners who depend on payment processing to accept customer payments

Phishing emails impersonating Stripe, Square, PayPal for Business, or other payment processors — claiming the recipient's merchant account has been restricted, suspended, or flagged due to elevated chargeback activity, suspicious transactions, or policy violations — then directing them to verify their identity, provide business tax documentation, submit their SSN, EIN, or bank routing number, or confirm payment details through a fraudulent portal to restore payment processing. Payment processor phishing is an extremely high-impact category targeting business owners who cannot afford to lose payment processing capability. Key facts: (1) Stripe account phishing is among the top-10 most reported business-targeted phishing categories — Stripe's 5M+ business customers across 120+ countries represent an enormous attack surface; a single compromised Stripe account may contain years of payment history, connected bank accounts, and customer card data stored for recurring billing; (2) The "chargeback" and "high-risk" lures are uniquely effective for merchant phishing — business owners know that elevated chargeback ratios (above 1% of Visa transactions) can result in genuine account termination, creating authentic-feeling urgency; fake chargeback notices exploiting this anxiety achieve high click-through rates; (3) The credential/data harvest from payment processor phishing is multi-layered: SSN + EIN enable full business identity theft and fraudulent business credit applications; bank routing + account numbers enable ACH fraud and payroll diversion; the Stripe/Square login itself may access stored customer payment methods and enable fraudulent payouts; (4) Stripe and Square will never request SSN, tax ID, or full bank routing details via email or through external links — all KYC and identity verification is conducted through the authenticated dashboard at stripe.com or squareup.com. Warning signs: non-official domain (not stripe.com, squareup.com, or square.com), account restriction or suspension urgency, SSN/EIN/bank routing requested via email link.