Some of you are familiar with an app called Robinhood. Available in the App Store and Google Play Store, Robinhood offers commission-free trading for those who make their own stock, option, and ETF trades. While using an iOS or Android app allows traders to always be able to get in or out of a trade no matter where they are, Bloomberg is reporting that several Robinhood account holders have discovered that funds in their brokerage account have been stolen.
Bad actors go phishing and catch money that doesn't belong to them
While Robinhood says that there has been no breach of its security system, the growing popularity of trading by phone has made these accounts a tempting target for hackers. Making things easier for the thieves is the lack of an emergency number that account holders can call to let Robinhood know that the money in their accounts is being siphoned away by criminals who don't have permission to access these accounts. Even though Robinhood has doubled its customer service team, clients are complaining that they cannot get in touch with the company fast enough to stop them from getting wiped out.
As an example, Robinhood customer Soraya Bagheri discovered that her 450 shares in Moderna Inc. were sold and that a $10,000 withdrawal from her account was pending. The problem was, she never authorized the sale of the stock and didn't request a payment. She alerted Robinhood and received an email stating that the incident would be investigated and that the firm would report back within a "few weeks." Still awaiting a response from the brokerage firm, her money is now gone. Another customer, Pruthvi Rao, had his Netflix holdings sold and $2,850 taken out of his account. He sent more than a dozen emails to Robinhood and contacted some of the brokerage firm's executives via LinkedIn. Rao said, "I’m in tremendous mental stress right now because this is all of my savings," and his account is now frozen as a result of an investigation. Robinhood did write him to say that "We understand the sensitivity of your situation and will be escalating the matter to our fraud investigations team. Please be aware that this process may take a few weeks, and the team working on your case won’t be able to provide constant updates."
Some of these criminals are using phishing techniques to gain entry to a Robinhood customer's account. By sending out fake emails using Robinhood's logo, an account holder can be duped into believing that he/she needs to respond to a bogus request for personal information including a social security number. Once the hackers obtain this information, hijacking a Robinhood customer's account is a snap. Some of these bad actors set up Wi-Fi networks in public places and use credible sounding names, such as the name of a nearby business, to help them obtain information that can be used to get into a Robinhood account. And malicious software can detect when someone logs into a financial account and can put through unauthorized transactions.
Robinhood did have a response. "A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood. We’re actively working with those impacted to secure their accounts," said a spokesman. Marc Arena, CEO of Intel 471 tracks the activities of digital criminals and says, "This shows the importance of people practicing common information-security hygiene such as not re-using the same password across multiple accounts and enabling two-factor authentication, which Robinhood supports."
Outside of not using a mobile app to trade stocks, in general, you should never respond to email or texts asking for personal information. Mark McCreary, chair of the privacy and data security practice group at Philadelphia based law firm Fox Rothschild, points out that "Any of us could have our brokerage account hacked if we do not take precautions to protect ourselves."