Many young and amateur investors are using the Robinhood app to trade stock, but some say the money in their accounts has disappeared.
The NBC4 I-Team learned how it’s happening and how you can keep your money safe, in any account.
Rookie investor Colleen Owen started dabbling in the stock market using the Robinhood app. She was saving money for her kids’ college education.
But recently, Owen went to log in and discovered she couldn’t.
“I realized I can’t get into my account,” said Owen. “I’m totally locked out, I can't reset the password.”
Once she did get in, Owen was stunned at what she saw. Her account - once $1,000 - was empty.
Owen said Robinhood told her the money was sent to someone in Poland, and that she had authorized the transaction.
“It’s my account, these are my stocks, my money, and I didn't authorize anyone else to take it,” said Owen.
So what happened?
Turns out, the answer was hidden in the trash folder of Owen’s email. A fraudster had hacked in.
It’s easy to do, through malware. Once there, they learned she had a Robinhood account. So they used her email to change the password on the account, liquidate it, and transfer the funds. Owen didn’t know any of this was happening because the fraudster routed all incoming Robinhood emails, confirming the account changes, to her trash.
Security expert Jim Stickley says email hacks are common and dangerous.
“If a criminal can gain access to your gmail account, you’re cooked,” said Stickley.
Stickley says when a fraudster hacks your email, they can spy on you. They learn what accounts you have, and can then break into them, just like they did with Owen.
“People don’t realize that your email is the easiest way for people to get into all of your accounts,” said Stickley.
In a statement to the I-Team, Robinhood said other investor accounts have also been compromised through email hacks. For its part, it said: “Our fraud, security and data teams work diligently to identify patterns that signal this activity.” It also said it’s “constantly monitoring new threats.”
But Owen doesn’t feel like the company did enough for her.
“If you want a guy in Poland to spend your money, Robinhood’s the company,” said Owen.
After the I-Team reached out to Robinhood, it refunded Owen the $1,000 that the fraudsters stole from her.
“To them, it’s not a lot, I'm sure,” said Owen. “But to me, it is.”
So how can you keep your financial accounts safe?
- Set up two-factor authentication. Owen didn’t have this set up on her account.
- Make sure all your accounts have a unique, hard-to-guess password.
- Use your phone or tablet to log in to your accounts. It’s much harder for fraudsters to install malware on those devices.
- Monitor your email - especially your deleted folder.