The hackers’ actions triggered legitimate ‘recent login’ notification emails from Robinhood, which rendered the unsanitized HTML and embedded clickable phishing links.The emails passed all authentication checks since they originated from Robinhood’s own systems, making them highly convincing.Robinhood suffered adata breachback in 2021 and the attackers stole millions of names and email addresses. This phishing attack may have leveraged email addresses stolen at the time, or the attackers may have used externally sourced or guessed Gmail addresses.Related:Security Firm Executive Targeted in Sophisticated Phishing AttackRelated:Tycoon 2FA Loses Phishing Kit Crown Amid Surge in AttacksRelated:Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
The emails passed all authentication checks since they originated from Robinhood’s own systems, making them highly convincing.Robinhood suffered adata breachback in 2021 and the attackers stole millions of names and email addresses. This phishing attack may have leveraged email addresses stolen at the time, or the attackers may have used externally sourced or guessed Gmail addresses.Related:Security Firm Executive Targeted in Sophisticated Phishing AttackRelated:Tycoon 2FA Loses Phishing Kit Crown Amid Surge in AttacksRelated:Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Robinhood suffered adata breachback in 2021 and the attackers stole millions of names and email addresses. This phishing attack may have leveraged email addresses stolen at the time, or the attackers may have used externally sourced or guessed Gmail addresses.Related:Security Firm Executive Targeted in Sophisticated Phishing AttackRelated:Tycoon 2FA Loses Phishing Kit Crown Amid Surge in AttacksRelated:Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Related:Security Firm Executive Targeted in Sophisticated Phishing AttackRelated:Tycoon 2FA Loses Phishing Kit Crown Amid Surge in AttacksRelated:Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Related:Tycoon 2FA Loses Phishing Kit Crown Amid Surge in AttacksRelated:Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Related:Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.
Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.
Neill Feather has been named Chief Executive Officer at Point Wild.
Source: SecurityWeek
