
"This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer accounts, and personal information and funds were not impacted."
"Experts who analyzed the phishing emails said the attackers created new Robinhood accounts using modified versions of existing Gmail addresses via the so-called 'dot trick'."
"During signup, the attackers injected malicious HTML code containing phishing links into device name fields, triggering legitimate 'recent login' notification emails from Robinhood."
Robinhood confirmed that cybercriminals exploited a vulnerability in its account creation process to send phishing emails. Users reported receiving suspicious emails that appeared legitimate: they originated from '[email protected]' with the subject 'Your recent login to Robinhood'. Attackers created new accounts using modified versions of existing Gmail addresses (the 'dot trick') and, during signup, injected malicious HTML code containing phishing links into device name fields. This triggered legitimate 'recent login' notifications from Robinhood, making the phishing attempts highly convincing. No personal information or funds were impacted, and the incident did not involve a breach of Robinhood's systems.
Read at SecurityWeek
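The two controls this incident points to, as an added example that is not Robinhood's code: escaping a user-supplied device name when it is rendered into a notification email, and canonicalizing Gmail addresses so 'dot trick' variants map to one mailbox at signup. The template, function names and sample values are constructed for illustration, and the canonicalizer also folds "+tag" suffixes and googlemail.com, which goes slightly beyond the dot trick the article mentions.

```python
import html
import re

# Constructed sample: a device name as a client might submit it during signup.
SAMPLE_DEVICE = 'Pixel 8<br><a href="https://example.invalid/verify">Review this login</a>'

# Hypothetical fragment of a "recent login" notification email.
TEMPLATE = "<p>Your recent login was from: <b>{device}</b></p>"

def render_unsafe(device_name: str) -> str:
    # Behaviour described in the article: the field is placed into HTML as-is,
    # so any markup in it becomes part of the legitimate email.
    return TEMPLATE.format(device=device_name)

def clean_device_name(device_name: str, max_len: int = 64) -> str:
    # Replace control characters, collapse whitespace, bound the length.
    text = re.sub(r"[\x00-\x1f\x7f]", " ", device_name)
    return re.sub(r"\s+", " ", text).strip()[:max_len]

def render_safe(device_name: str) -> str:
    # Escape at output time so markup characters are displayed, never parsed.
    return TEMPLATE.format(device=html.escape(clean_device_name(device_name), quote=True))

def looks_like_markup(device_name: str) -> bool:
    # Signup-abuse signal: real device names rarely contain tags or URLs.
    return bool(re.search(r"[<>]|https?://", device_name, re.IGNORECASE))

def canonical_gmail(address: str) -> str:
    # Gmail ignores dots in the local part and delivers "+tag" variants to the
    # same mailbox, so compare canonical forms when checking for duplicates.
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"
```

Store the address the user typed for delivery and use the canonical form only as a lookup key for duplicate and abuse checks.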