This afternoon, security researcher and blogger Brian Krebs shared a link to a Robinhood corporate blog post disclosing a “security incident:”
Investment platform Robinhood says a security incident led to the theft of email addresses for ~5 million customers. It’s safe to expect an uptick in phishing schemes targeting Robinhood users. https://t.co/imYNlRIXXX
— briankrebs (@briankrebs) November 8, 2021
As a result of the incident, around 5 million Robinhood customer email addresses were stolen. Krebs suggested that there will be “an uptick in phishing schemes targeting Robinhood users.”
I would imagine that typo-domain names are a big source of phishing emails. Domain names that can easily be confused with the Robinhood.com domain name could be used in phishing campaigns to trick Robinhood customers into giving up login and account details. In addition, non-.com domain names could also be used in a confusing manner. Defensive domain name registration is a major aspect of domain name management at large companies.
Hopefully Robinhood has an internal domain name management team that can help the company prevent phishing attempts. If they do not, hopefully the company is working with a corporate domain name management company for the same reason.