This afternoon, security researcher and blogger Brian Krebs shared a link to a Robinhood corporate blog post disclosing a “security incident”:
Investment platform Robinhood says a security incident led to the theft of email addresses for ~5 million customers. It’s safe to expect an uptick in phishing schemes targeting Robinhood users. https://t.co/imYNlRIXXX
— briankrebs (@briankrebs) November 8, 2021
As a result of the incident, around 5 million Robinhood customer email addresses were stolen. Krebs suggested that there will be “an uptick in phishing schemes targeting Robinhood users.”
I would imagine that typo-domain names are a big source of phishing emails. Domain names that can easily be confused with the Robinhood.com domain name could be used in phishing campaigns to trick Robinhood customers into giving up login and account details. In addition, non-.com domain names could also be used in a confusing manner. Defensive domain name registration is a major aspect of domain name management at large companies.
Hopefully Robinhood has an internal domain name management team that can help the company prevent phishing attempts. If they do not, hopefully the company is working with a corporate domain name management company for the same reason.
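As an added example (not from the original post or from Robinhood), the sketch below shows how a mail filter or domain-monitoring job could flag the kinds of confusable domains described above: the same name under a non-.com TLD, single-character typos, digit or hyphen lookalikes, and the brand embedded in a longer name. The `LEGIT` allowlist, the fold table and the sample domains are constructed assumptions.

```python
BRAND = "robinhood"            # brand label taken from the post
LEGIT = {"robinhood.com"}      # assumption: the only domain the brand owner sends from
# Small constructed digit-for-letter fold; real confusable tables are much larger.
FOLD = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent transpose."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain):
    """Label a sender or link domain relative to the protected brand."""
    domain = domain.strip().rstrip(".").lower()
    if domain in LEGIT or domain.endswith(tuple("." + d for d in LEGIT)):
        return "legitimate"
    labels = domain.split(".")
    # Assumption: the label before the TLD is the registrable name (no public suffix list).
    name = labels[-2] if len(labels) > 1 else labels[0]
    folded = name.translate(FOLD).replace("-", "")
    if name == BRAND:
        return "tld-variant"       # same name under a non-.com TLD
    if folded == BRAND:
        return "lookalike"         # digit swap or inserted hyphen
    if edit_distance(folded, BRAND) == 1:
        return "typo"              # one dropped, added, changed or swapped letter
    if BRAND in domain.replace("-", ""):
        return "brand-embedded"    # brand as a subdomain or inside a longer name
    return "unrelated"

def triage(domains):
    """Return only the domains that deserve review, with the reason."""
    labelled = ((d, classify(d)) for d in domains)
    return {d: why for d, why in labelled if why not in ("legitimate", "unrelated")}

# Constructed sample domains for illustration, not observed indicators.
SAMPLES = ["mail.robinhood.com", "robinhood.co", "r0binhood.com", "robin-hood.com",
           "robinhod.com", "robihnood.com", "robinhood-support.com",
           "robinhood.com.example.net", "example.org"]

if __name__ == "__main__":
    for dom, why in triage(SAMPLES).items():
        print(f"{why:15} {dom}")
```
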
Poor robin customers.
I mean Robinhood customers da.
“Robinhood” is such an ironic name since they intervened to serve the interests of the rich and powerful and totally screw the little guy during the big victory for regular people involving GameStop and a few other shares.
You see, only the elite rich and powerful are allowed to screw everyone else and make millions doing that; the American people are not allowed to win themselves and beat them at their own game.
But in our little world of domaining, pretty clear some are also the friend of the “establishment” themselves, so this might not exactly resonate that much around here unfortunately…
They definitely need better domain management. I know a few companies that I’m sure would help them out.
They need better domain monitoring and domain protection, as well.