RobinHood Customers Are About to Be Phished—Here's What it Will Look Like (Examples)

Robinhood's latest data breach of 5 million email addresses means that Robinhood users are about to encounter a wave of phishing attempts.


Cameron Craig
Updated 18 November 2021
Key Finding

5 million Robinhood customers are about to receive phishing emails as part of a recent data breach. 


Key Risk

These phishing emails will impersonate Robinhood in an attempt to steal access to Robinhood accounts. 


With the recent data breach at Robinhood, customers can now expect that a phishing attack is coming their way.
 
As reported by Bleeping Computer, the Robinhood data is now for sale for $10k+ on hacker forums. The forum poster has shown samples of the data, and they are considered to be authentic. 
 
Robinhood had already confirmed the breach and it is inevitable that the data is for sale somewhere. 

What Happened?

Robinhood reported a hack on November 8, 2021, and data was taken from their servers:

  • Email addresses for approximately five million users
  • Full names for a different group of approximately two million people
  • Several thousand phone numbers
  • Text entries that Robinhood is continuing to analyze. 

In an updated statement, Robinhood says it doesn't believe that Social Security numbers, bank account numbers, or debit card numbers have been taken. They also believe there has not been a reported financial loss, yet. With the data for sale, scammers will pay for it and then try to cause financial losses for Robinhood customers through phishing attempts. 

Here's What the Phishing Emails Will Look Like

With the data for sale, the best chance a scammer has to phish a user is to impersonate a service provider that the customer already knows and trusts. In this case, five million Robinhood users will be getting Robinhood-branded emails, but they'll be fake. 

Robinhood Phishing Emails—Get Ready For These

In a data breach like this, the scammer who buys the email addresses will put in a lot of effort to replicate the Robinhood design and to make it look like it is legitimate. 
 
Here's what the phishing emails will look like.
Robinhood users should expect phishing emails which look authentic. Look for these two key indicators to detect phishing attempts.

Here's How to Beat Fake Robinhood Emails

In the example above, there are still two warning signs of a scam—identifying these will always keep you safe:
  1. The sender's email address.
  2. The links.

1. Always Check the Sender's Exact Domain 

Robinhood states on their website that they will send you emails from:
Real and Fake Robinhood Email Sender Addresses
Make sure you only open emails from an @robinhood.com address.

Robinhood shareholders will also receive emails from: 
  • @proxydocs.com | @proxypush.com | @prospectusdocs.com

If you're a Robinhood user, never trust anything that is not from @robinhood.com exactly. 

2. Never Click On Links

Robinhood and many other companies rightly suggest never clicking on any links, including links from their authentic emails. 

Always open the app or go to the website directly.

Links in phishing emails are used to redirect you to an imposter website, which is the critical part of a phishing attack. If you always ignore links then you cannot be phished. 

In the example above, you can see that the body of the email has a link. This must be avoided to stay safe, even if you think you should trust the domain. 

Warning: It Might Be Very Convincing

The scammers who purchase the Robinhood data from the hacker will look to make the most of their investment by delivering the most convincing phishing attempts they can to Robinhood users. 
 
This will mean buying a convincing domain to send emails from (sending from @gmail.com or @yahoo.com won't cut it). 
 
At the time of publishing, there were many domain names for sale containing versions of the word 'Robinhood'.
 
Unfortunately, there were even domains for sale which could be acquired and which would be extremely convincing, like the domain "robinhood.security" which is for sale on GoDaddy. 
At the time of publishing, the domain name robinhood.security was for sale and could easily be purchased by a scammer to run their email phishing campaign.
It would be very easy to glance at an email from [email protected] and think it was legitimate.
 
It is not. 
Be prepared—this is a fake email address. Scammers will use look-alike domains to send their phishing attacks.
If the scammers did this, would all five million people who are about to be targeted detect this address, [email protected], as a fake?
 
Probably not. 
 
So just choose to never click on ANY links from Robinhood emails.
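
A mail-filter version of the exact-domain check described above, added here as an illustration and not code from Robinhood or from this article: it parses the From header, accepts only the sender domains listed earlier, and flags domains that merely contain the brand, such as robinhood.security. The sample messages, their local parts and the .example domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Sender domains the article lists for Robinhood users and shareholders.
TRUSTED = {"robinhood.com", "proxydocs.com", "proxypush.com", "prospectusdocs.com"}
BRAND = "robinhood"

# Constructed sample messages (addresses are illustrative, not real traffic).
SAMPLES = {
    "genuine": "From: Robinhood <noreply@robinhood.com>\nSubject: Statement\n\nBody\n",
    "page_lookalike": 'From: "Robinhood Security" <alerts@robinhood.security>\n'
                      "Subject: Verify your account\n\nBody\n",
    "display_name_trick": 'From: "noreply@robinhood.com" <help@r0binhood-support.example>\n'
                          "Subject: Account locked\n\nBody\n",
    "subdomain_trick": "From: Robinhood <support@robinhood.com.login.example>\n"
                       "Subject: New sign-in\n\nBody\n",
    "unrelated": "From: Newsletter <news@mail.example>\nSubject: Hi\n\nBody\n",
}

def sender_domain(raw_message):
    """Return the lower-cased domain of the From: address ('' if absent)."""
    msg = message_from_string(raw_message)
    # parseaddr separates the display name (attacker-controlled text) from
    # the real address, so a display name that looks like an address is ignored.
    _display, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(raw_message):
    """'trusted' only on an exact match; 'lookalike' if the brand merely appears."""
    domain = sender_domain(raw_message)
    if domain in TRUSTED:
        return "trusted"
    # Undo two cheap disguises (hyphens, zero-for-o) before looking for the brand.
    if BRAND in domain.replace("-", "").replace("0", "o"):
        return "lookalike"
    return "untrusted"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {sender_domain(raw):30} {classify_sender(raw)}")
```

A "trusted" result only means the From domain string matches; the header itself is only as reliable as the receiving server's SPF, DKIM and DMARC enforcement.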
 
We wrote about some safety tips, including the necessity of setting up 2FA for Robinhood, in this article. Enabling 2-factor authentication for your Robinhood account will ensure that hackers won't be able to access your account even if they have your username and password. 
 
Trust no one. Click on nothing. Change your password and enable 2FA immediately. 
 
Your details are for sale. 
Robinhood.com user details are for sale on this hacker forum post. (Source: Bleeping Computer)

Sources

https://www.bleepingcomputer.com/news/security/7-million-robinhood-user-email-addresses-for-sale-on-hacker-forum/

https://blog.robinhood.com/news/2021/11/8/data-security-incident

