You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Hackers Siphon Robinhood Accounts

Weeks later, thousands of investors are locked out and money is missing.

Hackers Siphon Robinhood Accounts

It's some kind of double negative. Steal from the ones who steal from the rich to give to the poor.

If you're not familiar with Robinhood - it's the wildly popular stock trading app that flipped the traditional brokerage model on its head. Appropriately named, they are a Silicon Valley darling that offers commission-free stock trades, leaving more money in your pocket and not the brokerage firm's vault.

Then she checked her email’s trash bin and discovered someone had accessed it, setting it up to intercept messages from Robinhood.

It's the appeal of free trades that got an astounding 13 million people to open accounts. It seems the Pandemic lockdown turned all of these millions into day traders... but we'll stay on topic here!

We've been told to trust our financial services providers, but it's not always that simple. In fact, FINRA (the regulator for Robinhood) has even had its challenges with hackers posing as officials and cybercrime groups hosting a malicious lookalike FINRA website.

Things turned ugly in recent weeks for some of these investors. Thousands watched in horror as trade and balance notifications appeared on their phones. These weren't their trades, but it was their money. Once the trades were executed, their account balances were siphoned out.

Robinhood asserts that these customers' brokerage accounts were compromised only after the cybercriminals breached their personal email accounts. This proved true after one millennial client investigated her email only to find the hackers had set up email rules to intercept the support messages from Robinhood.

The forgery had her information, a photo of a different person and a font that doesn’t match Arizona’s official state IDs.

Robinhood initially froze the young trader's account, but she quickly learned that changed after the hacker submitted a fake ID to the broker. The forged ID had her personal information but a different photo, and it was good enough to convince Robinhood to unfreeze the account.

From there, the hacker swiped the account's cash balance.

Sadly, this happened thousands of times over. Many people have lost a lot of money.

The good news is that these hacks can be stopped!

Here are some quick tips:

  • Never re-use the same password (yes, we know it's annoying! But is losing your life savings not worth it?)
  • Always enable 2 factor authentication when able (why not? it's free)
  • Check your financial accounts regularly (good habit, like brushing your teeth)

And if you're wondering how to protect your company, the first step is training your team to avoid the initial Phishing email, like the ones that these victims fell for.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) sales team here!

Original article here.

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.