Robinhood Users Targeted by Phishing Campaign Exploiting Gmail Dot Alias Feature

Gate News message, April 28 — Robinhood users have been targeted by a phishing campaign that exploited Gmail's "dot alias" feature alongside weaknesses in the platform's account creation process. Attackers registered fake Robinhood accounts with slightly altered email addresses, leveraging Gmail's behavior of ignoring dots in usernames to route system-generated emails to legitimate users' inboxes.

The campaign involved injecting malicious HTML code through the optional "device name" field during account setup. This allowed phishing links and fake warning text to appear within official emails from "[email protected]" that passed authentication checks such as SPF, DKIM, and DMARC, making them appear legitimate to recipients. Users who clicked the phishing button were directed to fake login sites designed to capture their credentials.
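The two gaps described above can be closed on the platform side: treat Gmail dot variants as one mailbox at signup, and escape the user-supplied device name before it is placed in an email body. The sketch below is an added example, not Robinhood's code; `SignupRegistry`, `render_new_device_email`, the email wording and the 64-character cap are hypothetical, and the sample inputs are constructed.

```python
import html

# Gmail delivers dotted variants of a local part to the same inbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Fold an address to the mailbox it is delivered to (dot folding for Gmail only)."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


class SignupRegistry:
    """Hypothetical account store keyed by canonical mailbox, not by the raw string."""

    def __init__(self):
        self._by_mailbox = {}

    def register(self, address: str) -> bool:
        key = canonical_email(address)
        if key in self._by_mailbox:
            # Same inbox as an existing account: refuse (or hold for review)
            # instead of sending system mail to that inbox.
            return False
        self._by_mailbox[key] = address
        return True


def render_new_device_email(device_name: str) -> str:
    """Build the HTML body; the user-supplied field is length-capped and escaped."""
    safe = html.escape(device_name[:64], quote=True)
    return f"<p>A new device was added to your account: <b>{safe}</b></p>"


if __name__ == "__main__":
    registry = SignupRegistry()
    print(registry.register("janedoe@gmail.com"))    # existing customer (constructed)
    print(registry.register("jane.doe@gmail.com"))   # dot variant of the same inbox
    print(render_new_device_email('<a href="https://phish.example/">Verify now</a>'))
```

Escaping at render time matters even when signup checks exist, because any free-text field that reaches an authenticated email template inherits that email's SPF, DKIM and DMARC pass.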

Robinhood confirmed that the phishing emails did not result from a system breach but rather from abuse of its account creation flow. The company stated that personal information and funds were not impacted. Users were advised to delete suspicious emails and access their accounts directly through the official app or website rather than clicking unknown links.

The incident reflects a broader trend in the crypto sector, where phishing and social engineering attacks are driving significant losses. Security firm Hacken reported that such attacks accounted for $306 million in losses during the first quarter of 2026, highlighting how attackers increasingly target user behavior and platform design gaps rather than attempting direct system intrusions.
