Japan’s Financial Regulator Flags $700M in Unauthorized Trades Due to Hacked Brokerage Accounts
Japan’s Financial Services Agency (FSA) recently issued a warning about the rising threat of unauthorized trades linked to hacked brokerage accounts, revealing that nearly $700 million in fraudulent activity has occurred since March.
According to the FSA, incidents of fraudulent trades surged from just 33 in February to 685 in March and 736 during the first 16 days of April. At least six securities firms have reported compromised client accounts.
The attacks are largely attributed to login credentials stolen via phishing sites that mimic legitimate brokerage platforms. However, the Japan Securities Dealers Association (JSDA) added that infostealer malware has also played a role in harvesting user information.
Alarmingly, scammers have used the news of these breaches as a tactic to launch further phishing campaigns. The JSDA noted a wave of deceptive emails sent under the guise of alerts from brokerage firms or the association itself, urging recipients to click on malicious links under the pretense of warning them about scams.
Fraudsters Manipulating Accounts to Purchase Chinese Stocks
The volume of unauthorized logins has also escalated significantly—rising from 43 cases in February to 1,422 in March, and 1,847 by mid-April, totaling 3,312 compromised accounts over three months.
The FSA noted that attackers typically access accounts without permission, liquidate existing holdings, and use the funds to purchase Chinese stocks. These purchases remain in the victim’s account, suggesting that fraudsters may be attempting to manipulate stock prices of targeted securities for personal gain.
While the FSA provided figures of 50.6 billion yen in stock sales and 44.8 billion yen in purchases over the last three months, the agency clarified that these numbers represent transaction volume, not direct investor losses.
FSA and JSDA Issue Security Recommendations for Investors
To protect against account breaches, the FSA and JSDA advised investors to take the following precautions:
- Avoid clicking on links in emails or text messages, even if they appear to be from familiar sources.
- Bookmark the official website of your brokerage firm and access it only through that bookmark.
- Enable multi-factor authentication and notification alerts for logins, trades, and withdrawals.
- Use strong, unique passwords that combine uppercase and lowercase letters, numbers, and special characters.
- Monitor your accounts frequently for suspicious activity.
The FSA urged any users who believe they may have entered credentials on a fake website or noticed unauthorized activity to contact their brokerage immediately and reset their passwords.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
