Summary

Robinhood users were targeted by a phishing campaign that exploited an HTML injection vulnerability in the platform's account creation process to send malicious links via legitimate system notifications.

Take Action:

If you've received any email from noreply@robinhood.com recently, especially security alerts about unrecognized devices or login activity, do not click any links, even though the email passes all authenticity checks and appears genuinely from Robinhood. Delete the message, and if you want to verify your account activity, open the Robinhood app or type the official website directly into your browser.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines