www.securityweek.com 4/28/2026, 3:01:43 PM · via preferred

Robinhood says attackers abused signup flow for phishing emails


Robinhood has confirmed that cybercriminals exploited a vulnerability in its account creation flow to send legitimate-looking phishing emails that lured recipients to phishing websites. The emails reportedly came from “[email protected]”, carried the subject line “Your recent login to Robinhood,” and were part of a phishing campaign observed over the weekend.

According to Robinhood, the attackers used the Gmail dot trick, creating new accounts with dot-modified variants of Gmail addresses that Gmail would route to the inbox of an existing Robinhood account holder. During signup they injected malicious HTML containing phishing links into the device name field.

The campaign triggered legitimate “recent login” notifications from Robinhood, which rendered the unsanitised HTML and made the phishing emails highly convincing. Robinhood stressed that there was no breach of its systems or customer accounts, and that personal information and funds were not impacted. The piece notes that Robinhood previously suffered a data breach in 2021 in which millions of names and email addresses were stolen, which the attackers may have leveraged for this campaign, according to Eduard Kovacs, SecurityWeek, 28 April 2026.
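
A defensive sketch of the two controls this incident points to, added here as an example and not Robinhood's or SecurityWeek's code: comparing Gmail addresses in canonical form at signup, and HTML-escaping the device name before it is placed in the notification email. The function names, the length limit and the sample inputs are assumptions constructed for illustration; handling of "+" tags and googlemail.com goes beyond the dot trick the article describes.

```python
import html
import re

# Domains whose mailboxes ignore dots in the local part (Gmail behaviour).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def canonical_email(address: str) -> str:
    """Return a comparison key so dot variants map to one mailbox."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        raise ValueError("not an email address")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots and anything after "+" in the local part.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def signup_allowed(address: str, existing_keys: set) -> bool:
    """Reject a signup whose canonical address already has an account."""
    return canonical_email(address) not in existing_keys


def safe_device_name(raw: str, max_len: int = 64) -> str:
    """Treat the device name as untrusted text: trim it, then HTML-escape it."""
    cleaned = _CONTROL_CHARS.sub(" ", raw).strip()[:max_len]
    return html.escape(cleaned, quote=True)


def render_login_notice(device_name: str) -> str:
    """Build the notification body with the device name as inert text."""
    return ("<p>We noticed a recent login to your account from: "
            f"<b>{safe_device_name(device_name)}</b></p>")


if __name__ == "__main__":
    # Constructed sample data, not taken from the incident.
    existing = {canonical_email("janedoe@gmail.com")}
    print(signup_allowed("j.ane.doe@gmail.com", existing))
    injected = 'Pixel 8<a href="https://example.invalid/verify">Review activity</a>'
    print(render_login_notice(injected))
```

Escaping belongs at the point where the email template is rendered, so the field stays safe even if a value reached storage before validation was added.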


Article by CyberSIXT