Robinhood users are being warned about a phishing campaign that combines Gmail’s “dot alias” handling with weaknesses in Robinhood’s account creation system. The result is emails that appear legitimate but are designed to trick users into visiting fake login pages.
Users reported on social media that they had received messages that looked like routine security alerts from Robinhood. The emails claimed that a login had occurred from an unrecognized device. They also included a button urging users to review the activity.
Phishing Uses Gmail Dot Alias Abuse
Cybersecurity expert Alex Eckelberry analyzed the scheme. He said there is no evidence of a breach of Robinhood’s systems. Instead, he pointed to abuse of Gmail’s handling of email addresses with dots and weaknesses in Robinhood’s account registration flow.
The attack starts with the creation of a fake Robinhood account. The attacker uses an email address that closely resembles the victim’s but removes dots. For example, john.doe@gmail.com is entered as johndoe@gmail.com. Robinhood treats these as different accounts. Gmail treats them as the same inbox.
As a result, system emails sent by Robinhood for the fake account are delivered to the real user’s inbox. These messages can include login alerts or account notifications and appear authentic because they originate from Robinhood’s infrastructure.
Eckelberry said attackers then exploit optional fields during account creation, such as the “device name” field. HTML is inserted into these fields, and because it is placed into the notification email unescaped, Gmail renders it as formatting rather than displaying it as plain text. This allows attackers to embed fake warning text and a malicious button inside a legitimate Robinhood email.
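As an added example (not Robinhood's code or anything from Eckelberry's analysis), the following Python shows the two server-side checks that close the gaps described above: canonicalising Gmail-style addresses at registration so that john.doe@ and johndoe@ are recognised as the same inbox, and HTML-escaping user-supplied fields such as the device name before they are placed in an email template. The set of dot-insensitive domains, the template wording and the sample device name are assumptions constructed for the example.

```python
import html
import re

# Assumption: Gmail (and its googlemail.com alias) ignores dots and "+tag"
# suffixes in the local part; other providers are treated as dot-sensitive.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Return a canonical form so that aliases of one inbox compare equal.

    Lower-cases the address and, for Gmail-style domains, drops dots and any
    "+tag" suffix from the local part, since Gmail routes all of these
    variants to the same mailbox.
    """
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


def registration_collides(new_address: str, existing: set[str]) -> bool:
    """True when new_address would deliver to an inbox already registered.

    Comparing canonical forms (not raw strings) is what stops a second
    account from being opened on someone else's Gmail inbox.
    """
    canon = canonical_email(new_address)
    return any(canonical_email(e) == canon for e in existing)


def rejects_markup(value: str) -> bool:
    """Defence in depth for free-text profile fields: a device name never
    legitimately needs angle brackets, so refuse to store values with them."""
    return re.search(r"[<>]", value) is not None


def render_login_alert(device_name: str) -> str:
    """Build the HTML body of a login alert. The user-controlled device name
    is escaped so tags and attributes appear literally instead of rendering."""
    safe_device = html.escape(device_name, quote=True)
    return (
        "<p>We noticed a new login to your account from "
        f"<strong>{safe_device}</strong>.</p>"
    )


if __name__ == "__main__":
    # Constructed sample input mimicking an injected "device name".
    injected = '<a href="https://login.example">Review activity</a>'
    print(registration_collides("johndoe@gmail.com", {"john.doe@gmail.com"}))
    print(rejects_markup(injected), render_login_alert(injected))
```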
Emails Pass Authentication Checks; Only the Content Is Manipulated
The emails pass standard authentication checks, including SPF, DKIM, and DMARC, because they are sent through Robinhood’s servers. Only the injected content is manipulated.
Clicking the button redirects users to a look-alike website designed to collect login credentials. Security experts say the site itself is harmless if only visited. The risk arises when users enter personal information.
Robinhood said its core systems and customer accounts were not breached. It also said no personal data or funds were affected. The company advised users to delete the emails and avoid clicking any links. It added that customers who interacted with the messages should contact support only through the official app or website.