
"The emails warned recipients about suspicious activity, including an 'Unrecognized Device Linked to Your Account,' and urged them to act quickly."
"Attackers exploited a flaw in the platform's account creation process, injecting malicious HTML code into the 'device name' field during signup."
"Because this field wasn't properly sanitized, the injected code was rendered inside the legitimate email, effectively embedding a phishing message within a real notification."
"To deliver these emails to real users, attackers reportedly used a technique known as Gmail 'dot aliasing,' allowing them to create new accounts that would trigger notifications."
Over the weekend, Robinhood users received phishing emails warning of suspicious activity linked to their accounts. These emails, appearing to come from Robinhood's official address, urged users to review their account activity due to an unrecognized device. Attackers exploited a flaw in the account creation process, injecting malicious HTML code into the device name field, which rendered a phishing message within a legitimate notification. This made the emails appear authentic and difficult for users to identify as scams.
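As an added illustration of the two mechanisms the article describes (not Robinhood's code, and the template, device-name string and domain are constructed), the block below contrasts interpolating an account-signup field straight into a notification email with HTML-escaping it first, flags field values that carry markup, and canonicalizes Gmail dot-alias variants so repeated signups against one mailbox can be counted:

```python
import html
import re

# Constructed sample: a device name that smuggles a phishing message as HTML.
DEVICE_NAME_SAMPLE = (
    'iPhone<br><b>Unrecognized device linked to your account.</b> '
    '<a href="https://evil.example/verify">Verify now</a>'
)

# Constructed notification template; the device name is the only user-controlled value.
TEMPLATE = (
    "<p>A new device was linked to your account: <strong>{device}</strong>.</p>"
    "<p>If this wasn't you, review your account activity.</p>"
)


def render_unsafe(device_name: str) -> str:
    """Vulnerable pattern: user input is placed into the HTML body unchanged,
    so any tags it contains are rendered by the recipient's mail client."""
    return TEMPLATE.format(device=device_name)


def render_safe(device_name: str) -> str:
    """Hardened pattern: escape <, >, &, and quotes so the value is displayed
    literally and cannot open tags or links inside the legitimate email."""
    return TEMPLATE.format(device=html.escape(device_name, quote=True))


TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def looks_like_markup(value: str) -> bool:
    """Signup-time check: a device name should never contain HTML tags;
    values that do are candidates for rejection or review."""
    return bool(TAG_RE.search(value))


def canonical_gmail(address: str) -> str:
    """Collapse Gmail dot-aliases (and '+tags') to one mailbox so many
    signups that all notify the same inbox can be counted together.
    Only Gmail treats dots as insignificant, so other domains are left as-is."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"
```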
Read at TechRepublic