A surge in cyberattacks has affected Japan’s online trading sector, as hijackers continue to compromise brokerage accounts and execute fraudulent trades worth hundreds of billions of yen.

The Financial Services Agency (FSA) has raised the alarm over the scale of the attacks, which have spiked sharply since March and show no sign of slowing.

Fraud Totals Reach Alarming Levels

In May alone, hackers executed 2,289 unauthorized transactions totaling approximately ¥200 billion. Although this marks a decline from April’s figures, 2,910 cases and ¥290 billion in fraudulent activity, the numbers remain high compared to historical norms.

Over just three months, March to May, fraudulent trades exceeded ¥500 billion across nearly 6,000 incidents. The scope of the attacks underscores how cybercriminals are exploiting security vulnerabilities in online brokerage systems to take control of customer accounts.

Once inside, hackers typically sell off the assets in the account and use the proceeds to purchase low-liquidity stocks, many of which they likely own, to inflate prices artificially.

The Japan Securities Dealers Association confirmed that 16 brokerage firms have reported account hijackings. While major firms were the initial targets, attackers are now increasingly shifting their focus to smaller brokerages, where cybersecurity protections may be weaker.

Source: Financial Services Agency

Hackers reportedly use phishing emails, malware, and spoofed websites to steal user credentials. These techniques allow them to bypass login protections, particularly at firms that do not enforce multifactor authentication.

Push for Stronger Protections

In response to the growing threat, 76 brokerages have committed to making multifactor authentication mandatory for trading. However, the rollout remains uneven, and full implementation will take time. Until then, user accounts remain exposed to potential compromise.

Multifactor authentication typically involves requiring a second verification step, such as a one-time code sent via text or generated through an authentication app.

While effective, the added layer of protection is still optional for many users, a gap hackers continue to exploit. The FSA has urged investors to take basic precautions: avoid reusing passwords, regularly update software, and install anti-malware programs.

The agency also warned that the official numbers may underestimate the true scale of the fraud, as some unauthorized transactions might not yet be discovered or reported.

Source: Finance Magnates