What is the Robinhood Gmail dot phishing scam?

Robinhood users were targeted by a phishing scam that exploits Gmail’s dot alias feature to send fake security emails. These messages appear legitimate because they come from Robinhood’s real email system.

How does the Gmail dot alias trick work?

Gmail ignores dots in email usernames, meaning addresses like jane.smith@gmail.com and janesmith@gmail.com are treated the same. Scammers use this to redirect emails intended for fake accounts into real users’ inboxes.

How did scammers use this trick against Robinhood users?

Attackers created fake Robinhood accounts using dot variations of real email addresses. This triggered legitimate system emails that were then delivered to the victim’s inbox, making the phishing attempt look authentic.

Why do the phishing emails look so convincing?

The emails are sent from Robinhood’s actual mail server and pass security checks like SPF, DKIM, and DMARC. This makes them appear genuine, even though they contain malicious links.

What is the role of the fake login link in the scam?

Scammers inserted phishing links into the email by exploiting input fields during account creation. Clicking the link leads to a fake login page designed to steal user credentials.

Can hackers access accounts just by sending these emails?

No, simply receiving or opening the email is not enough. Accounts are only at risk if users enter sensitive information like passwords on the fake website.

Did Robinhood suffer a data breach?

Robinhood confirmed there was no system breach and no direct compromise of user funds or personal data. The issue stemmed from abuse of the account creation process.

What did cybersecurity expert Alex Eckelberry say about the attack?

Alex Eckelberry explained that the scam combined Gmail behaviour with weaknesses in Robinhood’s signup flow to create realistic phishing emails without hacking the platform.

Robinhood phishing scam exploits Gmail dot trick

Written by Isaac FrancisPublished Apr. 28 2026

Users of Robinhood are being targeted by a phishing scam that exploits Gmail’s dot alias feature to send fake security alerts that appear legitimate.

Cybersecurity researcher Alex Eckelberry said attackers created fake accounts using email variations, allowing real emails from Robinhood’s system to be redirected into victims’ inboxes.

“The result is a real email from '[noreply@robinhood.com](mailto:noreply@robinhood.com)' that passes SPF, DKIM, and DMARC… but now contains injected fake warning text and a working phishing button,”

Eckelberry said.

The scam works by taking advantage of how Gmail ignores dots in email addresses, combined with weaknesses in Robinhood’s account creation flow.

Attackers embed malicious links into legitimate-looking emails by injecting code into optional fields during account setup, creating convincing phishing messages.

Robinhood said the issue was not a system breach and that user funds and personal data were not directly compromised, and following the announcement there was no market impact.

The incident comes as phishing and social engineering attacks continue to dominate crypto-related losses, with Hacken reporting $306 million in such attacks in early 2026.