Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Brokerage Firms Warned Of Widespread Survey Phishing Attacks

US Brokerage Firms Warned Of Widespread Survey Phishing Attacks

The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice warning member brokerage firms of widespread phishing attacks using surveys to harvest information.

FINRA is a non-profit organization and self-regulatory body authorized by the U.S. government to regulate exchange markets and brokerage firms.

According to FINRA, the organization supervises over 624,000 brokers across the country and examines billions of market events each day.

Phishing emails sent from fake FINRA domain name

The financial industry regulator said that the phishing messages are being sent from a fake FINRA domain and made to look like they were being sent by FINRA.

Member firms are asked to fill a survey by October 13, with the information needed to FINRA would need to “update its conduct and supervisory rules.”

“The email was sent from the domain ‘’ and was preceded by ‘info’ followed by a number, e.g., [email protected],” the regulator said.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

“FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”

FINRA sample phishing email
Sample phishing email (FINRA)

Since the domain is not connected in any way with FINRA, member firms are urged to immediately delete any and all emails they received from this domain.

FINRA has also requested NameCheap, the Internet domain registrar used to register this domain four days ago, to suspend services for

“FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links,” the notice adds.

Previous phishing alerts

During August, FINRA warned members of attackers using registered brokers’ info to create convincing phishing sites.

Another alert issued the same month notified of threat actors using a copycat site hosted at finnra[.]org with a registration form used to collect personal information that could later be used in spear-phishing attacks targeting FINRA members.

The regulator issued another security alert in May warning of a “widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA officers,” including but not limited to Josh Drobnyk and Bill Wollman, two of the non-profit’s vice-presidents.

Last year, FINRA also published a notice to inform of fraudulent emails targeting members using a USA Patriot Act provision relating to the ability of financial organizations to share info for additional authenticity.

Also Read: Website Ownership Laws: Your Rights And What These Protect



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us