This afternoon, security researcher and blogger Brian Krebs shared a link to a Robinhood corporate blog post disclosure of a “security incident”:
The Robinhood investment platform claims that a security incident led to the theft of email addresses for around 5 million customers. It is safe to expect a slight increase in phishing programs targeting Robinhood users. https://t.co/imYNlRIXXX
– briankrebs (@briankrebs) November 8, 2021
As a result of the incident, approximately 5 million Robinhood customer email addresses were stolen. Krebs suggested that there will be “an increase in phishing schemes targeting Robinhood users. “
I imagine typo domain names are a big source of phishing emails. Domain names that can easily be mistaken for the Robinhood.com domain name could be used in phishing campaigns to trick Robinhood customers into forfeiting login and account information. Additionally, domain names other than .com could also be used in a confusing manner. Defensive domain name registration is a major aspect of domain name management in large companies.
Hopefully Robinhood has an internal domain name management team that can help the company prevent phishing attempts. If they don’t, hopefully the company is working with a domain name management company for the same reason.
Comments are closed.