top of page
Search

Robinhood OTP Scam

  • Writer: Angela Darling
    Angela Darling
  • 4 days ago
  • 2 min read

Hello. My name is Dr. CyberEye. I break down complicated cybersecurity stuff and explain it in a simple way to the average user.


Baddies are out there. Learn how to protect yourself.



In today's installment of "Nice try, bad guy" crime, I have been seeing a huge increase in phishing attempts in the guise of coming from stock and financial trading company Robinhood. It is unclear if this is a broader phishing scheme or a spearphishing attack (as I did have a Robinhood account that likely was compromised as part of a broader breach in Nov. 2021) but it has definitely picked up in frequency.


For those who have never used Robinhood and if you do see the below message(s) in your email, you know the drill. DO. NOT. CLICK. For those who have used Robinhood in the past, I will repeat what I said above: DO. NOT. CLICK. We will break down the screenshot below as per usual. https://www.securityweek.com/robinhood-vulnerability-exploited-for-phishing-attacks/


As you can see, SecurityWeek recently released an article about this very breach and subsequent phishing campaign. Let's break down the screenshots below:




This one tries to appeal to your fear. It states a recent access to your account was detected and it's meant to scare you into bypassing your logic and clicking on things you shouldn't. Before clicking, ALWAYS do the following first.


The email address this is coming from is support@xenonsmart.com, not from a Robinhood domain name. If it was a legitimate email address coming from Robinhood, it would have come from an email address like "support@robinhood.com" instead. That is the first red flag. I dug a little bit deeper. I looked up this Xenon Smart organization. Red flags all over the place. The website looked pretty shoddily put together, and then when I clicked on "Shops/Stores," all the locations were located overseas. A bit of an odd element for Robinhood, eh? Considering Robinhood is based out of Menlo Park, California?


Finally, the phone number listed on the suspicious email does not come up as belonging to Robinhood. Rather, Robinhood's support number, according to their website, is a 650 area code.


I know it's been a while but wanted to keep you all abreast of what I've been seeing lately. As always, stay watchful and vigilant!


Dr. C

 
 
 

Comments

bottom of page