Japan’s Financial Services Agency (FSA) warned last week of the growing threat of hacked trading accounts that has resulted in nearly US $700 million in unauthorized trades since March.
The FSA documented a sharp increase in the number of such fraudulent trades, from 33 in February to 685 in March and 736 through the first 16 days of April. Accounts in at least six securities firms have been targeted in the attacks.
While the FSA cited stolen login information from “fake websites (phishing sites) disguised as websites of real securities companies,” a separate advisory from the Japan Securities Dealers Association (JSDA) also cited infostealer malware as a cause of some stolen credentials.
The surge in compromised accounts has itself been used as a pretext for phishing attacks, JSDA said.
“Taking advantage of this situation, we have also received many reports of emails being sent in the name of the Japan Securities Dealers Association or securities companies, warning people to be careful of phishing scams, with the aim of getting people to click on suspicious URLs,” the JSDA said.
Chinese Stocks Left in Hacked Trading Accounts
The number of unauthorized account accesses has also increased sharply in recent months, from 43 in February to 1,422 in March, and 1,847 through the first 16 days of April, for a three-month total of 3,312 compromised accounts, according to the FSA.
In most cases, the FSA said “fraudsters gain unauthorized access to victim accounts and manipulate them to sell stocks etc. in the accounts, and use the proceeds to buy Chinese stocks etc. As a result of the fraudulent transactions, the Chinese stocks etc. remain in the victim accounts.”
That suggests that share price manipulation could be one possible motive of the fraudulent transactions, to artificially move the share prices of Chinese stocks and other targeted securities that the fraudsters may have a position in.
While the FSA listed total sales (50.6 billion yen) and purchase amounts (44.8 billion yen) for the fraudulent trades over the last three months, the agency noted that those figures do not equate to investor losses from the scams, merely the total amount of the transactions.
Protecting Against Hacked Trading Accounts
The FSA and JSDA both issued steps investors should take to protect themselves from account hacks.
- Don’t open links contained in emails or texts “even if the sender looks familiar.”
- Bookmark the correct website URL for your security company and access it only from the bookmark.
- Enable enhanced security features offered by securities companies such as multi-factor authentication and notification services when logging in, executing a trade, and withdrawing funds, and watch for suspicious transactions.
- Don’t reuse passwords, and don’t use simple passwords that are easy to guess. Combine numbers, uppercase and lowercase letters, and symbols.
The FSA urged account holders to check the status of their accounts frequently, “and if you suspect that you may have entered information on a suspicious website or are engaged in suspicious transactions, contact the inquiry desk of your securities company and change your passwords immediately.”
Dark web monitoring is a good resource for discovering leaked account credentials, both for financial services companies and their customers.
