SecureWorld News

How to Spot a Fake Robinhood Email

Written by Drew Todd | Mon | Aug 2, 2021 | 9:37 PM Z

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. With 18 million users, it is one of the most popular trading apps available.

But it is also popular with hackers and cybercriminals.

Earlier this year, Robinhood sent out a message to its users, warning of some phishing emails claiming to be a "Security Alert" with links to fake Robinhood websites.

Here is how the company describes the threat of phishing emails:

"Phishing is a common way scammers try to trick you into giving them personal information such as an account username and password, Social Security number, or other personal information. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm.

Similar social engineering attempts may take the form of a phone call, postal letter or text message. When successful, these phishing scammers can gain access to important accounts such as your email or bank accounts and can result in identity theft, financial loss, or both."

How to spot phishing emails

Phishing emails are a problem because they can be hard to pick out. Sometimes it is obvious: the subject of the email has nothing to do with you, or you don't recognize anything mentioned in the email.

Other times it can be difficult to tell if an email is legitimate or not, especially a well-crafted and targeted email. For example, some Robinhood users received an email discussing tax documents, which would be important for every user to look through.

Another phishing campaign used texts to notify the user they had won a monthly challenge and could claim a $1,000 prize.

But upon closer inspection, you can see the sender and links contained in the message are not legitimate. Here are two examples of these phishing attempts:

5 ways to spot phishing emails

In a notice to Robinhood users, the company lists five ways to avoid being scammed through phishing. Here are the best practices described:

  1. The sender's email domain (the web address that comes after the @ symbol): While the sender name may say "Robinhood", the email domain should be an authentic Robinhood domain:
  • Authentic domain examples: @robinhood.com. Shareholder-specific communication: @proxydocs.com, @proxypush.com, @prospectusdocs.com
  • Fraudulent domain examples: @robinh00d.com, @gmail.com, @yahoo.com

  2. Language: Look out for typos, grammatical mistakes, awkward language, or missing words or spaces.

  3. Links: Instead of clicking on links, log in to the Robinhood app or Robinhood.com directly. Links in phishing emails could direct you to a fake website asking for your sensitive information, such as your username and password, account information, or Social Security number.

  4. Downloads & Attachments: Phishing emails may include attachments claiming to be a 1099 Tax document or other important files. These frequently contain malware that can infect your device. Be especially wary of .zip, .exe, .doc files.

  5. Fake prizes or gifts: Scammers may also contact you with attractive offers for free stock or other enticing deals to lure you in. Always be careful when clicking on links in text messages and emails that you don’t expect or recognize—especially if they sound too good to be true.
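For mail administrators who want to automate the sender-domain and attachment checks from the list above, here is an added example (not code from Robinhood or SecureWorld). The domain allowlist and risky extensions come from the notice; the digit-swap table, the `triage` function and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from pathlib import PurePosixPath

# Sender domains the Robinhood notice lists as authentic (taken from the article).
AUTHENTIC = {"robinhood.com", "proxydocs.com", "proxypush.com", "prospectusdocs.com"}
# Attachment types the notice says to be especially wary of.
RISKY_EXT = {".zip", ".exe", ".doc"}
# Assumed digit-for-letter swaps, enough to fold robinh00d.com back to robinhood.com.
DIGIT_SWAPS = str.maketrans("013457", "oieast")

def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    if domain not in AUTHENTIC:
        if domain.translate(DIGIT_SWAPS) in AUTHENTIC:
            findings.append(f"lookalike sender domain: {domain}")
        elif "robinhood" in display_name.lower():
            findings.append(f"display name says Robinhood but sender domain is {domain}")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and PurePosixPath(filename.lower()).suffix in RISKY_EXT:
            findings.append(f"risky attachment: {filename}")
    return findings

# Constructed sample (not a real phishing email; the attachment body is a placeholder).
SAMPLE = """\
From: "Robinhood Security" <alerts@robinh00d.com>
To: user@example.com
Subject: Security Alert
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your 1099 tax document is attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="1099-Tax.zip"

placeholder, not a real archive
--b1--
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An empty result only means these two checks passed: the From header can be forged, so a message showing an authentic domain still deserves the link and language checks from the list.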

For more information on Robinhood phishing campaigns and ways to avoid being scammed, read this page: How to Identify & Report Scams.