
Robinhood Phishing Scam Exploits Gmail Dot Feature to Bypass Security

Key Takeaways

- Attackers exploited Gmail's dot alias functionality to generate authentic-looking Robinhood security alert emails
- Scammers registered Robinhood accounts using modified versions of victims' email addresses with dots repositioned
- Malicious HTML code was inserted into the "device name" registration field to embed fraudulent links
- The deceptive emails successfully passed SPF, DKIM, and DMARC authentication protocols
- Robinhood verified that no system compromise occurred and user funds and data remained secure

Investors using Robinhood found themselves on the receiving end of convincing phishing emails that appeared to originate from the platform's official mail servers. These deceptive messages alerted recipients about suspicious login activity from an unknown device and featured a clickable button directing them to a fraudulent login portal.

    NEW: ROBINHOOD WARNS THAT FAKE "YOUR RECENT LOGIN TO ROBINHOOD" EMAILS FROM noreply@robinhood.com WERE SENT SUNDAY VIA ABUSED ACCOUNT CREATION FLOW – DELETE AND AVOID LINKS pic.twitter.com/NUATOZMEwh
    — DEGEN NEWS (@DegenerateNews) April 27, 2026

Reports of this attack surfaced on social platforms over the weekend, with numerous users posting evidence of the fraudulent communications. Cybersecurity expert Alex Eckelberry verified that this campaign wasn't caused by a data breach. Rather, it took advantage of two distinct vulnerabilities: the way Gmail processes dot characters in email addresses and security gaps in Robinhood's user registration system.

    Robinhood's email service SendGrid @twilio is hacked or somehow verified a robinhood.com domain sending out phishing emails @RobinhoodApp @AskRobinhood
    Received: from http://o2.email.robinhood.com (http://o2.email.robinhood.com. [50.31.40.73]) pic.twitter.com/keMphoUU1y
    — David Gobaud (@davidgobaud) April 27, 2026

Gmail's email system disregards periods in the username portion of addresses. This means "jane.smith@gmail.com" and "janesmith@gmail.com" both del...
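As an added example (not code from the article, Robinhood or Gmail), here is how a registration service could close the two gaps described above: canonicalising dot-insensitive addresses so that dot variants of one Gmail mailbox cannot be registered as separate accounts, and HTML-escaping the user-supplied device name before it is placed in the login-alert template. The domain set, function names and alert template are assumptions.

```python
import html

# Assumption: providers whose mailboxes ignore dots in the local part.
# The article states this for Gmail; extend the set for other providers you verify.
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}


def canonical_mailbox(address: str) -> str:
    """Return a key that identifies the mailbox behind `address`.

    For dot-insensitive domains, dots in the local part are dropped so that
    jane.smith@gmail.com and ja.ne.smith@gmail.com map to the same key.
    The result is lowercased so case variants collapse as well.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")
    return f"{local.lower()}@{domain}"


def registration_allowed(address: str, existing_keys: set) -> bool:
    """Reject sign-up when the canonical mailbox is already registered.

    `existing_keys` holds canonical_mailbox() values of existing accounts,
    so a dot-shuffled variant of a victim's address is treated as a duplicate.
    """
    return canonical_mailbox(address) not in existing_keys


def render_login_alert(device_name: str) -> str:
    """Build the 'new device login' notification body.

    The device name is attacker-controlled input from the registration form,
    so it is HTML-escaped: any <a href=...> markup is shown literally instead
    of becoming a clickable link in a message that passes SPF/DKIM/DMARC.
    """
    safe_name = html.escape(device_name, quote=True)
    return f"<p>We noticed a login to your account from a new device: <b>{safe_name}</b>.</p>"
```

Canonicalisation should be applied at lookup time too, so a duplicate check and a password-reset lookup agree on which account an address belongs to.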
