When a Hacker Calls: How Robinhood Fell Victim to a Vishing Raid
The call was coming from inside the company.
Or so it seemed when the mobile phone of a customer-service representative for Robinhood Markets Inc. lit up on the evening of Nov. 3. More than an hour passed — on and on the conversation ran, as the caller reeled in the hapless employee.
By the time it was over, that one Robinhood rep had unwittingly handed over keys to the personal information of about 7 million customers, in what’s now believed to be one of the biggest retail brokerage cyber-breaches of all time, by number of accounts affected.
Robinhood didn’t learn of the lapse until the rep got home and told a relative about the strange call — and was promptly advised to escalate it, according to a person familiar with the matter. Only then did the employee inform the company, whose free trading app caught fire with young people buying meme stocks, options and crypto during the pandemic, at times with devastating results.
Robinhood declined to comment on the agent’s performance. It said separately that, to its knowledge, no Social Security numbers or data about debit cards or bank accounts were compromised. Nor did customers incur financial losses, according to the firm…
The U.S. Federal Communications Commission set new rules to curb annoying robocalls, limiting the number of calls companies can make and requiring phone companies to take greater steps to ensure their networks aren’t used to transmit illegal calls.
The FCC said it receives more complaints about unwanted calls than any other issue and has been on a years-long quest to limit calls that can be used to commit fraud and identity theft.
“Americans are sick and tired of unwanted and illegal robocalls, and today’s separate actions are like a one-two punch to ward them off,” FCC Chairman Ajit Pai said in a statement.
Under new rules announced Wednesday, voice service providers will be required to better police their networks to block robocalls with procedures to resolve disputes if a call is blocked in error. Consumers are to be notified when calls are blocked and can request a list of all blocked calls. The phone companies also would be required to aid the FCC and law enforcement in identifying the origin of the robocalls.
Some companies, like those doing market research or political polling, are exempt from some of the restrictions on calling consumers. Such groups will be limited, though, to three calls in a 30-day period and must give consumers a way to opt out of future calls. Those requirements are set to take effect in six months.
The Federal Communications Commission has voted to overhaul reimbursement for routing toll-free numbers, its latest move cracking down on fraud in the phone network compensation system.
An Oct. 7 order released Friday transitions most phone network charges for toll-free calls to a “bill-and-keep system,” in which carriers are paid by subscribers for routing the calls, not other carriers.
The order is aimed at stopping bad actors who have taken advantage of the legacy compensation system by flooding phone networks with robocalls to receive inflated payments from phone companies.
“The gravy train is over,” FCC Chairman Ajit Pai said in a…
March 4, 2019
It’s not easy to stop a robocaller.
The Federal Communications Commission has levied millions of dollars in fines for tricking consumers with spoofed calls. Phone companies like Verizon Communications Inc. and AT&T Inc. offer call-blocking tools and are working with law enforcement to crack down on scammers. Still, the number of robocalls received yearly are in the billions and rising.
After failing at least a dozen times to pass legislation to address the problem, Congress is considering a measure with good prospects of passage. The bipartisan TRACED Act (S. 151) by Sens. John Thune (R-S.D.) and Ed Markey (D-Mass.) would increase the FCC’s enforcement authority against illegal robocallers and mandate the adoption of call authentication systems. The bill has the backing of the commission as well as both industry and consumer groups…
July 20, 2018
The Federal Communications Commission should create a database of reassigned phone numbers to help reduce unsolicited robocalls and robotexts, two senators urged agency Chairman Ajit Pai.
The database of reassigned phone numbers could help businesses avoid unwittingly calling or texting consumers without consent, Senate Commerce, Science and Transportation Committee Chairman John Thune (R-S.D.) and Massachusetts Democratic Sen. Edward Markey wrote in a July 19 letter to Pai.
Companies sometimes inadvertently autodial or robotext consumers without their permission because the previous holder of the number gave consent. Unsolicited robocalls can open businesses up to litigation…
June 5, 2017
The head of a group of California companies that helped telemarketers place billions of unlawful robocalls must pay $2.7 million to the Federal Trade Commission under a federal court judgment announced by the FTC June 2 (FTC v. Jones, C.D. Cal., No. 17-00058, default judgment against individual 5/31/17 ).
The court also entered judgment prohibiting the companies from engaging in prohibited telemarketing practices ( FTC v. Jones, C.C.D. Cal., No. 17-00058, default judgment against companies 5/31/17 )…