Buffalo college student says investment and trading app hacked, bank account drained

Posted at 12:03 AM, Oct 15, 2020
and last updated 2020-10-15 00:04:31-04

CHEEKTOWAGA, N.Y. (WKBW) — It only took three minutes for $4,020 to disappear from Hamza Elkirami’s bank account.

“Minutes, minutes, like I can count on my fingers, minutes,” Elkirami said. Last week, Elkirami could only watch as he said hackers drained his account through the trading and investing app “Robinhood.”

The college student set aside the money to pay for rent and a trip home to Morocco to visit his family — some of whom Elkirami said he has not seen in eight years.

“That meant everything to me. That was basically my life savings. It was like my hard work and many, many hours of three plus jobs,” Elkirami said.

The University at Buffalo college student said he immediately reached out to Robinhood requesting help. At first, he only got an automatic response. The next day, Robinhood customer service responded saying his account was suspended and hours later sent another email saying it was reinstated.

Since then, he said he has heard very little. Elkirami also reached out to the Buffalo Police Department for help and filed complaints with the FBI and SEC.

“I thought the risk was just in the stock going up and down, I never expected the risk of somebody hacking into my account and stealing all my money from it,” Elkirami said.

Cybersecurity expert Michael McCartney, President of Avalon Cyber, said that before using these types of apps, users should review customer service policies, look at consumer reporting agencies and even Google the company.

“If you’re going to put yourself out there financially to really understand what it is you’re putting your money in and how you might be able to interact with that company,” McCartney said.

McCartney also said to use two-factor authentication, change your passwords often and avoid public Wi-Fi.

Elkirami said he is keeping his head up and working three jobs while still going to school full-time. He said even if he does not get refunded, he hopes he can help others by sharing his story.

“Honestly it’s out of my hands at this point. I did everything I could,” Elkirami said.

A spokesperson with Robinhood responded to 7 Eyewitness News' request for comment in the bullet points below.

On responding to Elkirami’s situation and the safety of the app:

  • "We cannot discuss individual customer account activity details. We fully understand potential fraudulent or suspicious activity in a financial account can cause concern and we are focused on ensuring we always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete our investigation, resolve any account issues, and process any refund."
  • "This was not stemming from a breach of Robinhood’s systems."
  • "A limited number of customers appear to have had their Robinhood account targeted by cyber criminals because of their personal email account (that which is associated with their Robinhood account) being compromised outside of Robinhood. We’re actively working with those impacted to secure their accounts."
  • "Because of this increase in cyber crime and in an effort to help customers continue to protect their accounts, we have been rolling out planned communications with customers via push notifications related to recommended account security actions [robinhood.com], including setting up two-factor authentication, verifying their personal information, and encouraging strong password practices."

On the question regarding safety measures in place:

  • "The security of Robinhood customer accounts is a top priority and something we take very seriously."
  • "When a customer contacts us about potential fraud on their account, our policy is to restrict the account and investigate for unauthorized access. The account is also logged out of all devices and the customer is requested to change their password."
  • "We also regularly monitor for any suspicious or fraudulent activity. If we identify potential fraudulent actions on an account, we work with the customer to provide a timely resolution and help secure and protect their account."