As a new generation of investors flocks to the stock market, criminals are searching for ways to exploit them.
According to security analysts and listings seen by DarkWebMagazine, hackers have turned to the dark web, where logins for accounts at major brokerage firms are listed for sale.
For just a couple of dollars, criminals are advertising credentials for clients of E*Trade, Charles Schwab, TD Ameritrade, Robinhood, and many others, according to New York-based security company Insights. According to the company’s chief security officer Etay Maor, the demand has only increased during the pandemic.
“You have more people wanting to do more online from home, and on the other hand, the attackers that are actively looking and attempting to benefit from this circumstance,” Maor told DarkWebMagazine. “What you end up with is a good deal of credentials and lots of information being bought and sold on the criminal underground.”
The list of vulnerable accounts ranges from social networking sites to payments app Square and trading startup Robinhood. But Robinhood tends to fetch higher prices, according to numerous screenshots of the listings seen by DarkWebMagazine.
“They were on a higher price point, which leads us to think they were probably easier to get the credentials for and get in, or easier to cash out,” Maor said.
Social media lure
Another reason Robinhood may be valuable in hackers’ eyes is its customers’ use of social networking. By “trumpeting success” on Twitter and Reddit, they’re likely putting targets on their backs, according to Richard Bird, chief customer information officer at Ping Identity. The internet bait creates “precisely the type of surroundings that hackers love.”
“Bad actors are just paddling into where the easy money is, after that path of hype, news, and self-aggrandizement like sharks searching for harbor seals,” Bird said. “Money, the promise of cash, the announcement of cash to be had, and the bragging about money obtained are simply chum in the water for bad actors.”
Robinhood has helped ease the introduction of new, millennial investors into the stock market this year. According to the company’s last public disclosure, the startup added 3 million accounts in the first month or two of this year and had at least 13 million customers. In June, Robinhood said it saw 4.3 million daily average revenue trades — outperforming all the publicly traded, incumbent brokerage companies.
With this expansion, Robinhood has also seen an uptick in mentions of the terms “fraud” and “hack” in reviews of its product in the Apple and Google app stores, according to research company Apptopia. The mentions of “hack” quadrupled in the comparable nine-month period this past year, while “fraud” mentions doubled.
A Robinhood spokesperson stated the startup had seen cases of accounts targeted by bad actors this season. However, the hacks didn’t stem from a breach of Robinhood’s systems, according to the firm.
“A limited number of clients seem to have had their Robinhood accounts targeted by cybercriminals due to their personal email accounts (which are connected with their Robinhood accounts) being compromised outside of Robinhood,” a company spokesperson told DarkWebMagazine. “We are actively working with those affected to secure their balances.”
This week, “in an attempt to assist clients in continuing to protect their accounts,” the startup rolled out communications with clients via push notifications associated with account safety activities, including reminders about establishing two-factor authentication, verifying personal information, and encouraging stronger passwords.
The spokesperson pointed to a general growth in targeted cybercrime, which multiple government agencies have cautioned against this season.
The Securities and Exchange Commission issued a note to brokerage companies in September describing these kinds of attacks and especially highlighted credential sales on the dark web. The Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, stated there have been over 60,000 identity-related cybercrime reports since February. Each month throughout the pandemic, the bureau said it sees roughly $1 billion worth of financial crimes.
Hackers can find most of what they need to break into a person’s account on the dark web, which requires special authorization or software to access. Criminals may take a previously known username and password and try using them on a brokerage website. Phishing, another type of attack, relies on an email link that, if clicked, could allow a hacker to take over your computer and log in from there. Some sell access to whole computers that have been compromised. Insights said they’ve seen access to logins being sold in bulk for discounted prices ranging from $3 to $30.
Locked out, ‘nobody to call’
DarkWebMagazine talked to four Robinhood users who said they were recently locked out of their accounts, and some said their portfolios were drained. The customers said they could not determine whether it had been the result of dark web credentials being used or of phishing. However, they described frustration in their communication with Robinhood.
Jason Albert, a special education teacher from Steelton, Pennsylvania, said he built up his portfolio to $10,000 since joining Robinhood in January. Albert said his account was compromised in May, after he discovered what he described as “odd things,” such as his balance falling by $1,000. The fifty-year-old school teacher said he hadn’t been reimbursed.
Alex, a 25-year-old business student in New York, told DarkWebMagazine he had $1,400 in holdings when his Robinhood account was compromised in June. He asked that his last name not be used for privacy reasons. Notifications started popping up that his holdings were sold, and he had been locked out of his account. Several emails and tickets to Robinhood went unanswered. After unsuccessful attempts to reach Robinhood, Alex said his bank finally restored the money to his account.
Thirty-six-year-old Nate Heard said he was scrolling through his Robinhood app in September, as he does multiple times every day, when he was suddenly logged out. The California-based railroad engineer believed it was a mistake. He could not get back in. Notifications started popping up on his iPhone, showing his Tesla and Apple shares being sold by someone else.
“I thought it was a glitch — but once I saw the shares being sold, I knew my account was hacked,” Heard told DarkWebMagazine in a telephone interview. Following two weeks of emailing, Heard finally got in touch with Robinhood.
A Robinhood spokesperson told DarkWebMagazine the company’s policy is to restrict an account, investigate it for unauthorized access immediately, and log it out of all devices. The customer is asked to change their password. And the absence of phone calls is by design.
“We have discovered that, currently, we are best able to reach customers quickly over email,” the Robinhood spokesperson said.