A surge in cyberattacks has affected Japan’s online
trading sector, as hijackers continue to compromise brokerage accounts and
execute fraudulent trades worth hundreds of billions of yen.
The Financial Services Agency (FSA) has raised the
alarm over the scale of the attacks, which have spiked sharply since March and
show no sign of slowing.
Fraud Totals Reach Alarming Levels
In May alone, hackers executed 2,289 unauthorized
transactions totaling approximately ¥200 billion. Although this marks a decline
from April’s figures, 2,910 cases and ¥290 billion in fraudulent activity, the
numbers remain high compared to historical norms.
Over just three months, March to May, fraudulent
trades exceeded ¥500 billion across nearly 6,000 incidents. The scope of the
attacks underscores how cybercriminals are exploiting security vulnerabilities
in online brokerage systems to take control of customer accounts.
Once inside, hackers typically sell off the assets in
the account and use the proceeds to purchase low-liquidity stocks, many of
which they likely own, to inflate prices artificially.
The Japan Securities Dealers Association confirmed
that 16 brokerage firms have reported account hijackings. While major firms
were the initial targets, attackers are now increasingly shifting their focus
to smaller brokerages, where cybersecurity protections may be weaker.
Hackers reportedly use phishing emails, malware, and
spoofed websites to steal user credentials. These techniques allow them to
bypass login protections, particularly at firms that do not enforce multifactor
authentication.
Push for Stronger Protections
In response to the growing threat, 76 brokerages have
committed to making multifactor authentication mandatory for trading. However,
the rollout remains uneven, and full implementation will take time. Until then,
user accounts remain exposed to potential compromise.
Multifactor authentication typically involves
requiring a second verification step, such as a one-time code sent via text or
generated through an authentication app.
While effective, the added layer of protection is
still optional for many users, a gap hackers continue to exploit. The FSA has
urged investors to take basic precautions: avoid reusing passwords, regularly
update software, and install anti-malware programs.
The agency also warned that the official numbers may
underestimate the true scale of the fraud, as some unauthorized transactions
might not yet be discovered or reported.
A surge in cyberattacks has affected Japan’s online
trading sector, as hijackers continue to compromise brokerage accounts and
execute fraudulent trades worth hundreds of billions of yen.
The Financial Services Agency (FSA) has raised the
alarm over the scale of the attacks, which have spiked sharply since March and
show no sign of slowing.
Fraud Totals Reach Alarming Levels
In May alone, hackers executed 2,289 unauthorized
transactions totaling approximately ¥200 billion. Although this marks a decline
from April’s figures, 2,910 cases and ¥290 billion in fraudulent activity, the
numbers remain high compared to historical norms.
Over just three months, March to May, fraudulent
trades exceeded ¥500 billion across nearly 6,000 incidents. The scope of the
attacks underscores how cybercriminals are exploiting security vulnerabilities
in online brokerage systems to take control of customer accounts.
Once inside, hackers typically sell off the assets in
the account and use the proceeds to purchase low-liquidity stocks, many of
which they likely own, to inflate prices artificially.
The Japan Securities Dealers Association confirmed
that 16 brokerage firms have reported account hijackings. While major firms
were the initial targets, attackers are now increasingly shifting their focus
to smaller brokerages, where cybersecurity protections may be weaker.
Hackers reportedly use phishing emails, malware, and
spoofed websites to steal user credentials. These techniques allow them to
bypass login protections, particularly at firms that do not enforce multifactor
authentication.
Push for Stronger Protections
In response to the growing threat, 76 brokerages have
committed to making multifactor authentication mandatory for trading. However,
the rollout remains uneven, and full implementation will take time. Until then,
user accounts remain exposed to potential compromise.
Multifactor authentication typically involves
requiring a second verification step, such as a one-time code sent via text or
generated through an authentication app.
While effective, the added layer of protection is
still optional for many users, a gap hackers continue to exploit. The FSA has
urged investors to take basic precautions: avoid reusing passwords, regularly
update software, and install anti-malware programs.
The agency also warned that the official numbers may
underestimate the true scale of the fraud, as some unauthorized transactions
might not yet be discovered or reported.
