Robinhood is warning customers about fake “Your recent login to Robinhood” emails that appeared to come from [email protected]. The company says attackers abused an account creation flow on Sunday to trigger these messages from its own notification system.
Because the emails were generated by Robinhood’s infrastructure, they carried the correct sender address and normal branding. Many users therefore believed they were genuine security alerts about new logins, not phishing attempts crafted to steal credentials.
How Attackers Turned a Login Alert Into a Trap
According to security researchers, the attackers created or modified a Robinhood account in a way that allowed them to inject code or links into the device name field. Robinhood’s system then pulled that unfiltered field directly into its automated “recent login” email template.
As a result, users received legitimate-looking alerts that included a malicious “Review activity” or similar button. Clicking the link led to a fake login page that asked for usernames, passwords, and sometimes two-factor codes, giving attackers everything they needed for an account takeover.
Robinhood’s Advice: Delete and Do Not Click
Robinhood issued a warning on Sunday, advising users to delete any unexpected emails that said, “Your recent login to Robinhood.” Even if the sender address appears to be genuine, the company emphasized that users should not click embedded links or buttons in those warnings.
Robinhood recommends that customers open the official app or type robinhood.com into a browser to see recent login activity. Users should change their password, update their two-factor authentication settings from within the app, and examine any connected devices if anything seems off.
Security firms claim that since 2023, there has been a significant rise in phishing attempts with a Robinhood theme as more people trade stocks and cryptocurrency on mobile devices. To incite fear, thieves mimic official branding, fabricate phone numbers, and manufacture plausible alerts about unidentified devices or account irregularities.
Even if a surprise security message seems to originate from a reliable source, experts advise evaluating it as suspicious. To lessen the harm caused by stolen credentials, they suggest using unique passwords and app-based 2FA, avoiding login URLs in emails or texts, and verifying the URL behind every button.
READ MORE: Pi Network Price Eyes a 47% Jump Ahead of Chengdiao Fan, Kokkalis Speeches
