fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Phishing Targets US Brokerage Firms Using FINRA Lookalike Domain

Phishing Targets US Brokerage Firms Using FINRA Lookalike Domain

US securities industry regulator FINRA warned brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website.

FINRA (Financial Industry Regulatory Authority) is a non-profit organization supervised by the Securities and Exchange Commission (SEC) that regulates all exchange markets and securities firms publicly active in the United States.

The independent, non-governmental securities regulator also supervises more than 624,000 brokers across the US and examines billions of market events every day.

Malicious domain mimics a FINRA official site

“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails that include the domain ‘@invest-finra.org’.” the stock market regulator said.

Also Read: What is Pentest Report? Here’s A Walk-through

FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”

The invest-finra[.]org domain used in these ongoing phishing campaign was registered on November 5th via the French Gandi domain name registrar.

WHOIS domain data does not provide any information on who registered the phishing domain since all personal information is redacted using the registrar’s privacy service.

FINRA has asked Gandi to suspend services for the domain due to its use in active phishing attacks before issuing the alert but, although not hosting any website, invest-finra[.]org is still reachable.

Since the domain is not connected in any way with FINRA, member brokerage firms are advised to immediately delete any and all emails received from this domain.

“FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links,” the alert adds.

“For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices -2018.”

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

Previous phishing attacks targeting FINRA members

Another alert issued in August alerted member firms of threat actors using a copycat site hosted at finnra[.]org that featured a registration form used to collect personal info that could later be used in spear-phishing attacks directed at FINRA members.

FINRA issued a similar notice two months ago warning member firms of widespread phishing attacks that used surveys to collect sensitive information.

In August, FINRA notified brokerage firms of threat actors using their registered brokers’ info to build convincing phishing sites.

The stock regulator also published a warning last year to inform of fraudulent emails targeting members that added authenticity to the phishing attempts by using lures featuring a USA Patriot Act provision.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us