US Brokerage Firms Warned of Ongoing Phishing With Penalty Threats

FINRA, the U.S. securities industry regulator, has warned brokerage firms of an ongoing phishing campaign threatening recipients with penalties unless they provide the information requested by the attackers.

FINRA (Financial Industry Regulatory Authority) is an independent, non-governmental securities regulator supervised by the U.S. Securities and Exchange Commission (SEC) that regulates all securities firms and exchange markets publicly active in the U.S.

The non-profit organization also supervises over 620,000 brokers across the U.S. and examines billions of market events daily.

Penalty threats used to bait victims

“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name,” the market regulator said in a regulatory notice issued on Monday.

“FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”

Attackers send fraudulent emails from [email protected] requesting additional information from recipients to verify their firm name.

They also warn their targets that late submission of the requested information would attract penalties, a tactic designed to add urgency in the hope that victims answer the request before checking the email's legitimacy.


[Image: Penalty threats phishing email sample (FINRA)]

The gateway-finra[.]org domain used in these ongoing phishing attacks was registered on June 7 using the Hosting Concepts B.V. domain registrar.

Before issuing the alert, FINRA asked the Internet domain registrar to suspend services for the domain because of its ongoing use in active phishing attacks. However, the domain is still reachable and redirects to the official FINRA website.

Since the domain is not connected with FINRA, member brokerage firms are advised to delete any emails received from this domain immediately.

“FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links,” the regulator adds.

“For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices – 2018.”


Previous FINRA phishing alerts

While FINRA rarely issues such regulatory notices, the regulator published four of them last year, two of which warned of phishing attacks targeting brokers' information.

The most recent of them, issued in March, notified U.S. brokers of an ongoing phishing campaign using fake compliance audit alerts to steal information.

Another one, published in December 2020, warned brokers of similar phishing attempts using another domain (invest-finra[.]org) spoofing a legitimate FINRA site.

In October, the stock market regulator alerted member firms of widespread phishing attacks using surveys explicitly designed to harvest sensitive information from targeted brokers.

FINRA also warned of threat actors using a copycat site hosted at finnra[.]org with a fake registration form used in spear-phishing attacks directed at brokers.
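The three domains named in this article either attach the regulator's name to another word with a hyphen or misspell it by one character, which a mail filter can test for directly. The sketch below is an added example, not FINRA's or the article's code; it assumes finra.org as the legitimate domain (not stated on the page), and the From: headers are constructed around the article's domains.

```python
import re
from email.utils import parseaddr

LEGIT = "finra.org"  # assumption: the regulator's real domain
BRAND = "finra"

def refang(text):
    """Undo the [.] defanging used when indicators are shared."""
    return text.replace("[.]", ".")

def edit_distance(a, b):
    """Levenshtein distance computed with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain part of the address in a From: header, lower-cased."""
    address = parseaddr(refang(from_header))[1]
    return address.rpartition("@")[2].lower().rstrip(".")

def classify(domain):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a sender domain."""
    domain = refang(domain).lower().rstrip(".")
    if domain == LEGIT or domain.endswith("." + LEGIT):
        return "legitimate"
    for label in domain.split(".")[:-1]:        # every label except the TLD
        for token in re.split(r"[-_]", label):  # gateway-finra -> gateway, finra
            # distance 0: brand used as a word; distance 1: one-character typo
            if token and edit_distance(token, BRAND) <= 1:
                return "lookalike"
    return "unrelated"

# Constructed headers: only the domains come from the article.
SAMPLES = [
    "FINRA Notice <constructed-sender@gateway-finra[.]org>",
    "Compliance <constructed-sender@invest-finra[.]org>",
    "Registration <constructed-sender@finnra[.]org>",
    "FINRA <constructed-sender@finra.org>",
    "Vendor <constructed-sender@example.com>",
]

def triage(headers):
    """Pair each sender domain with its verdict."""
    return [(sender_domain(h), classify(sender_domain(h))) for h in headers]

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLES):
        print(f"{verdict:10} {domain}")
```

A one-edit threshold also flags unrelated names that happen to sit one character away from the brand, so a verdict of "lookalike" is a reason to quarantine and review, not proof of phishing.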


