Robinhood Users Targeted by Gmail Dot Trick Phishing Attack

TLDR

• Scammers used Gmail’s dot alias feature to send fake Robinhood login alert emails that looked completely real
• Fraudsters created Robinhood accounts with dot-altered email addresses to hijack automated emails
• HTML was injected into the “device name” field to embed phishing links into legitimate Robinhood emails
• The fake emails passed SPF, DKIM, and DMARC checks, making them hard to detect
• Robinhood confirmed no systems were breached and no funds or personal data were affected

Robinhood users received phishing emails that looked like they came directly from the company’s mail server. The emails warned of an unrecognized device login and included a button linking to a fake login page.

NEW: ROBINHOOD WARNS THAT FAKE “YOUR RECENT LOGIN TO ROBINHOOD” EMAILS FROM noreply@robinhood.com WERE SENT SUNDAY VIA ABUSED ACCOUNT CREATION FLOW – DELETE AND AVOID LINKS pic.twitter.com/NUATOZMEwh

— DEGEN NEWS (@DegenerateNews) April 27, 2026

The attack was first reported on social media on Sunday, with multiple users sharing screenshots of the suspicious messages.

Cybersecurity researcher Alex Eckelberry confirmed the campaign was not the result of a hack. Instead, it exploited two weaknesses: Gmail’s dot alias behavior and flaws in Robinhood’s account creation process.

Robinhood's email service SendGrid (not on 𝕏 )@twilio is hacked or somehow verified a robinhood.com domain sending out phishing emails @RobinhoodApp @AskRobinhood

Received: from http://o2.email.robinhood.com (http://o2.email.robinhood.com. [50.31.40.73]) pic.twitter.com/keMphoUU1y

— David Gobaud (@davidgobaud) April 27, 2026

Gmail ignores dots in email usernames. So “jane.smith@gmail.com” and “janesmith@gmail.com” go to the same inbox. Robinhood, however, treats them as two separate accounts.

Scammers used this gap to create Robinhood accounts using a version of the target’s email address with the dot removed. This caused Robinhood’s system to send automated emails to the target’s real inbox.

How the Phishing Link Got Into the Email

To get a malicious link into those automated emails, attackers entered HTML code into Robinhood’s optional “device name” field during account setup. Gmail read that HTML as formatting instructions.

The result was a real email sent from “noreply@robinhood.com” that contained a fake warning and a working phishing button. It passed all standard email authentication checks.

Eckelberry said visiting the fake website alone would not compromise an account. The risk only kicks in if a user enters their password or other login details on the fake page.

Robinhood’s support account on X confirmed the incident on Monday. The subject line of the phishing email was “Your recent login to Robinhood.”

Robinhood’s Official Response

The company said the issue was an abuse of its account creation flow, not a breach of its systems. It stated that no personal information or funds were impacted.

Robinhood advised users to delete the email and avoid clicking any suspicious links. Users who did click were told to contact Robinhood directly through the official app or website.

The attack comes after blockchain security firm Hacken reported that phishing and social engineering attacks were the top threat in crypto during Q1 2026.

Hacken said those attacks caused around $306 million in losses in the first three months of the year alone.

Robinhood has not yet announced specific changes to its account creation process in response to the incident.

The post Robinhood Users Targeted by Gmail Dot Trick Phishing Attack appeared first on CoinCentral.