Fake Robinhood Account-Restriction Phishing
Criminals send fake Robinhood emails or texts claiming your brokerage account has been restricted due to a compliance review or suspicious login, directing you to a phishing site that captures your login credentials and may trigger a 2FA-bypass in real time.
Last reviewed: 7 June 2026
Robinhood manages brokerage, retirement, and crypto accounts for millions of retail investors. Because account access involves real securities and cash balances, any message claiming a restriction triggers significant anxiety, and scammers exploit that anxiety with fake restriction notices designed to look exactly like Robinhood's official communications.
The phishing attack usually references a plausible compliance reason: unusual trading activity, a required identity re-verification under new regulatory rules, or a suspicious device login from an unrecognised location. The email mimics Robinhood's clean, minimalist design, and the 'Restore Access' button leads to a convincing clone of the Robinhood login page.
Some more sophisticated campaigns use real-time phishing proxies — technical setups that sit between the victim and the real Robinhood site, forwarding credentials and even the live OTP that Robinhood sends during the authentication process. This lets attackers bypass two-factor authentication and take over accounts even when 2FA is enabled.
How this scam works on the Robinhood brand
Real Robinhood account restrictions appear as a notice inside the app when you log in directly. Robinhood sends account-related emails from @robinhood.com and directs users to robinhood.com for any actions. The company does not contact customers by phone about restriction reviews unless the customer has already initiated a support ticket.
Fake restriction emails diverge by using senders like robinhood-notifications.com or help-robinhood.net and directing users to a pixel-perfect clone of robinhood.com hosted on a different domain. On the fake page, entering credentials and the subsequent OTP may not raise an error — the page simply displays 'Verification complete, your account will be reviewed' while the attackers are simultaneously logged in on the real site.
Once inside a Robinhood account, attackers may attempt to liquidate positions and withdraw cash, transfer shares through the portfolio settings, or use the account's linked bank details to attempt ACH pulls elsewhere. Crypto holdings in Robinhood Crypto accounts are particularly at risk because they can be transferred to external wallets.
Common red flags
- Sender address is not @robinhood.com
- Login link does not resolve to robinhood.com on hover
- Email references a compliance review or identity re-verification you were not expecting
- A genuine Robinhood OTP arrives while you are using the fake site, an immediate sign that a real-time proxy may be in use
- Message claims your positions will be automatically liquidated if you do not act within a short time frame
- Any unsolicited phone call claiming to be Robinhood support about an account restriction
- Requests for government ID or full SSN via an email form rather than through the secure in-app process
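The first two red flags (sender domain and link destination) can be checked mechanically. The Python below is an added example, not part of the original article and not Robinhood tooling; the sample message is constructed, its lookalike domains are the ones named above plus one on the reserved .example TLD, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = "robinhood.com"  # the only domain the article says Robinhood uses

# Constructed sample message (not a real capture).
SAMPLE = """\
From: Robinhood <alerts@robinhood-notifications.com>
To: you@example.org
Subject: Your account has been restricted
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Compliance review required.</p>
<a href="https://help-robinhood.net/login">https://robinhood.com/login</a>
<a href="https://robinhood.com.verify.example/restore">Restore Access</a>
<a href="https://robinhood.com/support">Help Center</a>
"""

def is_official(host):
    """True only for robinhood.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def check_message(raw):
    """Return a list of (flag, detail) findings for one raw email."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))  # ignores the display name
    sender_domain = addr.rpartition("@")[2]
    if not is_official(sender_domain):
        findings.append(("sender", sender_domain))
    body = msg.get_payload()  # assumes a single-part HTML message
    link_re = r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    for href, text in re.findall(link_re, body, re.S | re.I):
        host = urlsplit(href).hostname
        if not is_official(host):
            # Visible text naming the real domain hides the true destination.
            kind = "link-text-mismatch" if OFFICIAL in text.lower() else "link"
            findings.append((kind, host))
    return findings

if __name__ == "__main__":
    for flag, detail in check_message(SAMPLE):
        print(f"{flag}: {detail}")
```

Matching on the exact domain or a dot-prefixed suffix is what rejects hosts that merely contain the brand name, such as a lookalike with a hyphenated prefix or the real domain used as a subdomain label of another site.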
How to protect yourself
- Log in directly at robinhood.com or through the Robinhood app to check your real account status
- Use an authenticator app for 2FA rather than SMS; authenticator apps are more resistant to real-time proxy attacks
- Never enter your OTP on a page you reached from an email link — close the tab and log in from scratch
- Enable Robinhood's withdrawal-delay settings where available to add a buffer before funds leave
- Review your linked bank accounts and connected devices in Robinhood settings regularly
- Keep the email address on your Robinhood account separate from general-use email to reduce phishing exposure
- Set up biometric login so credential theft alone is insufficient to access the app on your device
How to report it
- Forward phishing emails to [email protected]
- Report through the Robinhood Help Center at robinhood.com/support
- If your account was accessed, contact Robinhood support immediately and request an account freeze
- File a complaint with the SEC at sec.gov/tcr or FINRA at finra.org/investors/have-problem
- Report to the FTC at reportfraud.ftc.gov
Frequently asked questions
Can two-factor authentication prevent Robinhood account takeovers?
Standard SMS-based 2FA provides meaningful protection but is not absolute — real-time phishing proxies can forward OTPs in seconds. Authenticator apps are more resistant. Robinhood also allows biometric login, which helps protect the device-side session.
What happens to my investments if scammers get into my Robinhood account?
Attackers may liquidate positions and attempt a cash withdrawal to a bank account they add. Robinhood has fraud detection that may flag unusual withdrawal requests, but speed matters — report suspicious activity through the app immediately.
Does Robinhood call customers about compliance reviews?
Robinhood customer support is primarily chat-based through the app and website. If a compliance review requires action, it will appear as a notification inside the app, not as an unexpected phone call.