عاجل
DEPatient in Berliner Krankenhaus erstochenKR미술서비스업 신고제 시행 앞두고 권역별 설명회 개최KRSouth Korea to Revamp Regulations for AI Adoption in Service SectorRUРоссийские БПЛА перекрыли пути снабжения ВСУ на Добропольском направленииARتأجيل مباراة إنجلترا والمكسيك بسبب الطقس، ونيمار يبكي بعد خروج البرازيل من المونديالKR교양지 월간 '샘터', 소장 컬렉션 및 원화 60점 경매 출품KR무신사, 여름 휴가철 앞두고 '바캉스 잡화위크' 진행KR베네수엘라 지진 사망자 3,342명으로 늘어…국제구조대 25개 팀만 남아ARهل يمكن أن يكون اتفاق وقف إطلاق النار مع إيران مفصلياً مثل معاهدة فرساي؟KRGo Woo-suk Reportedly Traded to Minnesota Twins, Nearing MLB DebutDEPatient in Berliner Krankenhaus erstochenKR미술서비스업 신고제 시행 앞두고 권역별 설명회 개최KRSouth Korea to Revamp Regulations for AI Adoption in Service SectorRUРоссийские БПЛА перекрыли пути снабжения ВСУ на Добропольском направленииARتأجيل مباراة إنجلترا والمكسيك بسبب الطقس، ونيمار يبكي بعد خروج البرازيل من المونديالKR교양지 월간 '샘터', 소장 컬렉션 및 원화 60점 경매 출품KR무신사, 여름 휴가철 앞두고 '바캉스 잡화위크' 진행KR베네수엘라 지진 사망자 3,342명으로 늘어…국제구조대 25개 팀만 남아ARهل يمكن أن يكون اتفاق وقف إطلاق النار مع إيران مفصلياً مثل معاهدة فرساي؟KRGo Woo-suk Reportedly Traded to Minnesota Twins, Nearing MLB Debut
Newsgather
BackRobinhood Phishing Attack Exploits Gmail Dot Alias and Account Creation Flaw
Robinhood Phishing Attack Exploits Gmail Dot Alias and Account Creation Flaw
يتطور
Cointelegraph28.04.2026تقنية2 dk okuma

Robinhood Phishing Attack Exploits Gmail Dot Alias and Account Creation Flaw

Sophisticated campaign sends legitimate-looking emails from Robinhood's official domain via email address manipulation

نظرة سريعة

  • Robinhood users are being targeted by a phishing attack that exploits Gmail's dot alias feature and flaws in Robinhood's account creation process.
  • Scammers create fake Robinhood accounts using email addresses that differ only by dots (e.g., [email protected] vs [email protected]), then inject malicious HTML into the device name field.
  • This sends emails from Robinhood's official noreply address that pass SPF, DKIM, and DMARC authentication, containing fake login warnings and phishing links.

ملخص مُنشأ بالذكاء الاصطناعي

لماذا يهم

This phishing attack exploits a known characteristic of Gmail that ignores dots in email addresses, combined with a flaw in Robinhood's account creation process that allows HTML injection in the device name field. The technique allows scammers to send emails that appear to come from Robinhood's official domain but contain malicious content.

حجم الخط

Robinhood users are being warned about a new phishing attack that takes advantage of Gmail's native "dot alias" feature and flaws in Robinhood's account creation process to send malicious emails. Robinhood users on Sunday began reporting on social media of emails originating from the platform's mail server warning of an unrecognized device login, which linked to phishing websites in the "call to action" button.

Alex Eckelberry, a cybersecurity researcher and tech CEO, said the phishing campaign wasn't the result of a hack but instead exploited a native Gmail characteristic that ignores dots in an email address, as well as a "couple of terrible holes" in Robinhood's account setup. It comes after blockchain security company Hacken reported earlier this month that phishing and social engineering attacks dominated crypto attacks in the first quarter of 2026, accounting for $306 million in losses.

Hackers created fake Robinhood accounts. Eckelberry said the scam relied on fraudsters creating an account on Robinhood with an email closely mimicking their target's email address. For example, a Robinhood user could have an email address such as "[email protected]." The scammer would create a new Robinhood account with an email without the dot in the middle, such as "[email protected]." While Robinhood would treat them as completely separate accounts, Gmail ignores dots in the username part of an email address. This means scammers could prompt Robinhood to automatically send emails intended for their fake account, but have them arrive in their target's inbox instead.

To get a phishing link into the automated email sent when a new Robinhood account is created, the scammers would then add HTML instructions to the optional "device name" field on Robinhood, which Gmail treats as formatting instructions.

"The result is a real email from '[email protected]' that passes SPF, DKIM, and DMARC. It looks completely legitimate but now contains injected fake warning text and a working phishing button. Clicking the button leads to a fake login site," Eckelberry said.

The email is only dangerous if information is added. Visiting the fake login website alone isn't enough for hackers to gain access to an account, Eckelberry said, but entering sensitive information such as passwords could allow bad actors to do so.

Robinhood's support account on X posted a statement on Monday confirming that some users received a falsified email from "[email protected]" with the subject line "Your recent login to Robinhood" and blamed the issue on an exploit of the "account creation flow."

"This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer accounts, and personal information and funds were not impacted," they said. "If you received this email, please delete it and do not click any suspicious links. If you have clicked a suspicious link or have any questions about your account, please contact us directly within the Robinhood app or website."

ما الذي يجب مراقبته

توقعات الذكاء الاصطناعي — احتمالات وليست حقائق

  • Robinhood will implement additional verification in account creation to prevent HTML injection

    مرجح · خلال أسابيع

  • Similar phishing campaigns may target other platforms using same technique

    محتمل · خلال أشهر

أسئلة مفتوحة

  • How many users received the phishing emails
  • Whether any users actually entered credentials on the fake site
  • What specific changes Robinhood will make to prevent this exploit

مواضيع ذات صلة

This article was originally published by Cointelegraph.

أخبار ذات صلة

المزيد حول هذا الموضوعrobinhood