By Sunday evening, hackers used Robinhood’s personal notification pipeline to render their assault.
Evaluation of the exploit went viral on social media quickly after.
Robinhood phishing emails have been ‘kinda beautiful’
Safety researcher Abdel Sabbah posted an evaluation of the occasion, calling it “kinda beautiful” with a sinister connotation. Sadly, he was proper.
The final word purpose, like nearly all phishing campaigns, was to steal buyer’s cash — on this case, from their Robinhood account.
Assume earlier than you click on on any electronic mail
Conventional anti-phishing recommendation tells customers to verify the sender area and search for authentication failures. None of that helped right here. The area appeared actual. The signatures appeared actual. Solely the intent was prison.
Protos reached out to Robinhood for remark however didn’t obtain a reply previous to publication time. In Nasdaq buying and selling in the present day, the frequent inventory of Robinhood opened flat for buying and selling relative to Friday’s closing print.
