- Exercise caution with communications from known senders or legitimate platforms.
- Navigate directly to legitimate apps or websites and verify before submitting account credentials, providing personal or financial information, or downloading files.
- Enable MFA and keep systems and browsers up to date.
- If threat actors gain remote access, disconnect from the internet and run anti-virus/anti-malware scans.
- If sensitive information was entered, change passwords for compromised accounts, use the “Log out of all other sessions” feature in the real Robinhood app, monitor for unauthorized activity, and review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources.
- Forward the entire email (including headers) to report this phishing scam to Robinhood (reportphishing@robinhood.com) and report abuse to the hosting provider (abuse@netcup.de).
- Report malicious cyber activity to the NJCCIC and the FBI's IC3.
