Attackers Targeted Robinhood with Phishing Campaign
Attackers have targeted clients of stock-trading broker Robinhood with a phishing campaign planned to steal their credentials and spread malware utilizing counterfeit tax documents, the organization has cautioned.
Robinhood Markets, Inc. is an American financial services organization settled in Menlo Park, California, known for offering commission-free trades of stocks and exchange-traded funds through a mobile application presented in March 2015. Robinhood is a FINRA-managed broker-dealer, enlisted with the U.S. Securities and Exchange Commission, and is a member of the Securities Investor Protection Corporation. The organization’s revenue comes from three fundamental sources: interest earned on customers’ cash balances, selling order information to high-frequency traders (a practice for which the SEC opened an investigation into the company in September 2020), and margin lending. As of 2020, Robinhood had 13 million clients.
Robinhood, has confronted various regulatory and legal difficulties along the way, sent an email to clients Thursday warning of a phishing scam “that may have reached some of our customers.”
Attackers targeted clients in two ways, as per the email. One assault vector utilized phishing emails with links to counterfeit Robinhood sites provoking visitors to enter their login credentials, including authentication codes the organization uses to help guarantee the security of individuals’ accounts. Other emails saw assailants exploiting the tax season, requesting potential victims to download counterfeit tax files, for example, Form 1099—that included malware, as per the email.
“There tends to be an increase in these types of emails around tax season, so we ask that you be extra careful about how you access your Robinhood account,” as per the email. Robinhood recommended individuals check the strength of safety features of the application on their gadgets, manually eliminating any gadgets they don’t perceive from accessing and resetting passwords on the off chance that they believe they might be in danger. The organization likewise urged clients to reach out to its support team directly from the Robinhood application or its site.
One of the main grievances among Robinhood clients was that they couldn’t reach the company for support, causing regulators like the Securities and Exchange Commission (SEC) to become de facto customer support for the platform’s clients.