Robinhood Markets (NASDAQ:HOOD) has one of the most seamless digital investing and trading experiences, however, the investment platform continues to face challenges such as malicious phishing emails being sent to unsuspecting users. Recently, Robinhood Markets sent out an email to users explaining how consumers are increasingly being targeted by malicious scammers online. Notably, only a few minutes after this email was sent, some users got an alert telling them that they had added passkeys to their investing accounts so that they can sign in more effortlessly.
However, these users may not have even added passkeys. This was yet another malicious email sent by bad actors. The email even instructed users to contact a support number that was fake.
A more careful and closer inspection of the email confirmed that it did not originate from the official Robinhood email service. Even the company logo was different and rather basic. It was an easy catch for more experienced users but could have seriously done damage to a significant number of more novice traders.
Unfortunately, these types of scams and fraudulent tactics are becoming increasingly common. Bad actors typically rush panicked users, bombard them with misinformation, and create this false sense of urgency to act quickly. But more experienced people know that these are all malicious tactics to get users to part from their hard-earned money or investments.
On Sunday evening, some customers received a falsified email from noreply@robinhood.com with the subject line “Your recent login to Robinhood.”
This phishing attempt was made possible by an abuse of the account creation flow. It was not a breach of our systems or customer…
— Robinhood Help (@AskRobinhood) April 27, 2026
In addition to the email message about the passkeys being added, there were other fake messages titled “Your recent login to Robinhood” or something similar. These emails are all fraudulent or may as well be attempts to gain unauthorized access to user accounts. In order to safeguard one’s digital identity and funds, users are encouraged to very carefully read every email.
We need to pay close attention to everything including spellings (scammers are always in a hurry and frequently misspell many words or have really bad grammar in general). Also check for the official logo and confirm if it matches the actual service provider. Most scammers even know that they cannot fool everyone so they try to go after some of the most inexperienced users who may easily fall for such scams.
In addition to treading carefully, users should consider not keeping all their funds or a large portion of them on just one platform. Try to spread your assets across a range of platforms and make sure to only log into such apps from familiar, home networks. And create passwords that are easy for you to recall but pretty much impossible for anyone else to guess. Also make sure to use some VPN service but try to keep password management away from password managers as they are also a central point of (potential) failure.