Robinhood Markets, Inc. is an American financial services company headquartered in Menlo Park, California, that facilitates commission-free trades of stocks, exchange-traded funds and cryptocurrencies via a mobile app introduced in March 2015.
During our PreCrime internet scout of September 20th 2022 we identified suspicious markers across multiple vectors. One of those was this website spoof that could be targeting unsuspecting Robinhood customers.
Cryptocurrency scamming is becoming increasingly popular with over 1 billion USD lost since the beginning of 2021 according to the Federal Trade Commission.
Stealing crypto is incredibly attractive to scammers since there is no bank or centralised authority connected that can flag suspicious transactions. Additionally, once a crypto transfer has taken place it cannot be reversed, meaning that once the money gone you cannot get it back.
Target: Robinhood customers and clients or generally people interested in cryptocurrency.
After luring users to the site they will be asked to expose their personal and financial information, and buy/trade cryptocurrency through a chat site which will unknowingly be sent to the threat actor and transferred to their online account.
The malicious domain, robihood-support.info has been targeting Robinhood Markets Inc., an American financial services company that facilitates commission-free trades of stocks, exchange-traded funds and cryptocurrencies via a mobile app introduced in March 2015. As of March 2022, Robinhood had 22.8 million funded accounts and 15.9 million monthly active users, and rolled out a cryptocurrency wallet to more than 2 million users in April 2022. The malicious domain was created September 18 2022 and detected by bfore.ai September 20 2022.
The malicious domain shows a replica of the original website.
Additionally, clicking on 'Get Started' on the main page now directs the user to the following site:
Tawk.to is a live chat software designed to help businesses communicate with clients and website visitors to deliver customer support. The above tawk site is currently blank, but this is most likely where the threat actor intends to lure unknowing customers to invest or buy crypto for the threat actors personal gain.
At Bfore.Ai, we work daily to ensure these phishing attacks get stopped before even reaching their targets. We are here to make your internet journey safer than it has ever been.
With more than 30K new malicious indicators per day we got you covered no matter where the attack comes from. Only 0.05% false positive rate, stop wasting time in false alerts chasing. By launching our PreCrime and PreEmpt technologies, we measure our anticipation from an attack starting, faster than attackers.
Accepting that the only defense is good detection, is accepting to be forever a victim. We believe in prevention more than response. Visit our website for more information !
Every day, adversarial tactics become more collaborative, technologically advanced, and rapid - and at this rate, you simply can’t afford to wait for the next attack before you react. Here are some recommendations from our team :
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Bfore.Ai) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of Client's compliance with any law, regulation or standard.