Schwartz<\/a>, the attack involves emails that appear to originate from Robinhood\u2019s own system, with authentication checks such as SPF, DKIM, and DMARC passing successfully, making the messages appear genuine to recipients.\u00a0<\/p>\n\u201cWARNING: Any emails you get that appear to be from Robinhood (and may actually be from their email system) are phishing attempts,\u201d he wrote in a post on X.<\/p>\n
Details shared by Schwartz show that the emails include a login alert listing time, device, and a case ID, alongside a prompt urging users to \u201cReview Activity Now.\u201d The message layout and branding mirror official communication, yet the embedded button reportedly initiates a phishing sequence designed to capture user credentials.<\/p>\n
<\/p>\n
Explaining the unusual delivery method, Schwartz said he believes the emails were \u201csomehow injected into Robinhood\u2019s actual email infrastructure,\u201d later describing the exploit as \u201cquite sneaky.\u201d\u00a0<\/p>\n
The ability to pass standard authentication checks increases the likelihood of users trusting the communication, according to his observation.<\/p>\n
Exploit tied to email system manipulation<\/h2>\n
Insight referenced by Schwartz from Abdel Sabbah outlines a possible attack vector involving Gmail\u2019s \u201cdot trick,\u201d which allows multiple variations of the same email address. Sabbah said attackers created a Robinhood account using such variations and assigned a device name embedded with malicious HTML code.<\/p>\n
Robinhood\u2019s system, according to Sabbah, does not sanitize this field, allowing the HTML payload to render inside official emails sent from [email\u00a0protected]. The result is a fully authenticated message that appears legitimate but contains hidden malicious elements.<\/p>\n
Phishing scams continue to target crypto users<\/h2>\n
Phishing attacks have continued to pose a persistent risk to cryptocurrency users, with multiple campaigns reported across wallet platforms in recent days.<\/p>\n
As previously reported by crypto.news, MetaMask users were targeted by a phishing campaign that promoted a fake two-factor authentication process, according to blockchain security firm SlowMist. The spoofed emails used MetaMask branding and included a countdown timer designed to pressure users into immediate action.<\/p>\n
SlowMist said victims who clicked the \u201cEnable 2FA Now\u201d prompt were redirected to a malicious website that requested their seed phrase, giving attackers full access to wallet funds. The firm noted that such campaigns often rely on small inconsistencies, including misspelled domains and unusual sender addresses, to bypass initial scrutiny.<\/p>\n
<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
Ripple\u2019s former CTO David Schwartz has warned that a targeted phishing campaign has begun exploiting Robinhood users through seemingly legitimate emails ahead of the firm\u2019s earnings report. Summary David Schwartz…<\/p>\n","protected":false},"author":1,"featured_media":23228,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-26781","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=26781"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26781\/revisions"}],"predecessor-version":[{"id":26782,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/26781\/revisions\/26782"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/23228"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=26781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=26781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=26781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}