David Schwartz has issued a warning about a phishing campaign that used fake security alerts appearing to come directly from Robinhood. The emails were especially convincing because they passed standard authentication checks, making them look like legitimate communications sent through the company’s real email system.
Robinhood later acknowledged the issue, explaining that it was caused by abuse of its account creation process rather than a direct breach of its internal systems.
How the Phishing Emails Appeared Legitimate
According to Schwartz, the fraudulent email carried the subject line “Your most recent login to Robinhood” and claimed there had been a suspicious login attempt from a device labeled “Phone 17 Pro.” It also mentioned that a phone number linked to the account would soon be updated.
The message included a “Review Activity Now” button along with a warning that any confirmed changes could not be undone. This type of urgent language is commonly used in phishing attempts to pressure recipients into acting quickly without verifying the message.
Schwartz noted that while he was unsure of the exact method used, the emails appeared to have been inserted into Robinhood’s legitimate email infrastructure. Because email security systems often rely on verifying the sender’s domain, the messages were able to bypass filters and appear authentic in users’ inboxes.
Robinhood’s support team confirmed that some users received fake emails sent from an address resembling its official noreply account. The company emphasized that no systems were hacked, no user data was exposed, and no funds were compromised. It advised users to delete the emails, avoid clicking any links, and reach out through the official app if they had concerns.
A Growing Trend of Crypto Phishing Attacks
The incident quickly drew reactions online, with some questioning how such a large platform could be exploited in this way. Others pointed out that scams often increase during periods of market uncertainty.
A developer known as Dpac reported receiving a similar phishing message from attackers posing as XRP Cafe and highlighted another wave of scams spreading through compromised social media accounts that send malicious links via direct messages.
This event is part of a broader pattern. Earlier in the year, users of Ledger were targeted after a data breach involving a third party partner exposed customer information. Attackers followed up with fake notifications designed to trick users into revealing wallet recovery phrases.
Data from Scam Sniffer showed that phishing related losses surged by 207 percent in February compared to December, resulting in 6.27 million dollars in losses across thousands of cases. Tactics included wallet poisoning and deceptive transaction approvals.
In addition, the Federal Bureau of Investigation warned users on the Tron network about fake tokens impersonating the agency and directing victims to websites designed to steal wallet credentials.#crypto#cryptonews https://coinsignals.net https://t.me/coinsignalpublic
