US Brokers Warned of Ongoing Phishing Attacks Impersonating FINRA


The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties.

FINRA is a non-profit organization supervised by the Securities and Exchange Commission (SEC) and authorized by the US government to regulate all publicly active securities firms and exchange markets.

This independent, non-governmental securities regulator supervises over 600,000 brokers across the nation and keeps track of billions of market events every day.

Impersonated FINRA domain names used for phishing

In a notice issued on Friday, the US financial industry regulator said that the phishing messages are being sent from multiple domains impersonating FINRA official sites.

The attackers are using at least three different domains in this campaign (i.e., finrar-reporting[.]org, finpro-finrar[.]org, gateway2-finra[.]org).

“The email asks the recipient to click a link to ‘view request’ and provide information to ‘complete’ that request, noting that ‘late submission may attract penalties’,” the regulatory notice reads.

This tactic is designed to add urgency to the attackers’ demands, in the hope that victims will respond to the request before checking the emails’ legitimacy.

“FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident,” the regulator adds.

Brokerage firms and their employees are urged to verify the legitimacy of all suspicious emails before replying, opening attachments, or clicking on embedded links.


[Image: FINRA sample phishing email. Source: FINRA]

The domains used in these ongoing phishing attacks were registered on Thursday, August 12, using the services of the Hosting Concepts B.V. and NameCheap registrars.

Before issuing the alert, FINRA asked the Internet domain registrar to suspend services for the malicious domains due to their use in active phishing attacks.

According to the US financial market regulator, none of the domain names used to deliver phishing messages are connected to FINRA.

Organizations receiving phishing emails originating from these domain names are advised to delete them immediately.

“For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices – 2018,” FINRA added.

Similar phishing attack spotted in June

While the financial regulator rarely issues such regulatory notices, it has published three of them this year, all of them informing brokers of phishing attacks targeting their information.

In June, FINRA warned of a very similar campaign also threatening recipients with penalties following failure to submit the requested information in a timely fashion.

Another notice, issued in March, warned US brokers of a phishing campaign using fake compliance audit alerts to harvest brokers’ information.


Last year, brokerage firms were warned of spear-phishing attacks that redirected targets to a fake registration form hosted on the finnra[.]org copycat site.
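The lookalike domains named in this article all embed the regulator's name or a one-character variation of it. The following is an added example, not code from FINRA or from this article, of a mail-gateway style check that flags such sender domains; it assumes finra.org is the genuine domain, and the local parts of the sample addresses are constructed.

```python
import re

BRAND = "finra"
# Assumption: finra.org is the regulator's genuine domain (the article names only the fakes).
LEGIT_DOMAIN = "finra.org"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single-row dynamic-programming table."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def sender_domain(address: str) -> str:
    """Return the lower-cased, refanged domain of an address or bare domain."""
    domain = address.strip().strip("<>").rsplit("@", 1)[-1]
    return domain.replace("[.]", ".").lower().rstrip(".")

def classify_sender(address: str) -> str:
    """Classify a sender as 'legitimate', 'lookalike' or 'unrelated'."""
    domain = sender_domain(address)
    # Only the genuine domain and its subdomains are trusted.
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    # Any label or hyphen-separated token that contains the brand, or is one
    # edit away from it, marks the domain as an impersonation candidate.
    for token in re.split(r"[.\-]", domain):
        if BRAND in token or edit_distance(token, BRAND) <= 1:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Domains are from the article; local parts are constructed for illustration.
    samples = [
        "notice@finrar-reporting[.]org",
        "request@finpro-finrar[.]org",
        "info@gateway2-finra[.]org",
        "register@finnra[.]org",
        "support@finra.org",
        "broker@example.com",
    ]
    for addr in samples:
        print(f"{addr:35} {classify_sender(addr)}")
```

A "lookalike" result is a reason to quarantine and verify the message through a known contact, not proof of malice on its own.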


