Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts

Avatar

Japanese regulators published an urgent warning about hundreds of millions of dollars worth of unauthorized trades being conducted on hacked brokerage accounts in the country. 

Japan’s Financial Services Agency (FSA) said on Friday that there has been a “sharp increase in the number of cases of unauthorized access and unauthorized trading” through online trading services. 

The trend was occurring, according to the agency, because of stolen customer information obtained through phishing websites “disguised as websites of real securities companies.”

As of April 16, the FSA said 12 securities firms reported fraudulent transactions, with sales totaling about $350 million and purchases worth about $315 million. 

“There are various types of fraudulent transactions, but in most cases, the fraudsters gain unauthorized access to victim accounts and manipulate them to sell stocks etc. in the accounts, and use the proceeds to buy Chinese stocks etc,” officials explained. 

“As a result of the fraudulent transactions, the Chinese stocks etc. remain in the victim accounts.”

The agency noted that there “may still be cases of unauthorized access or fraudulent transactions that have not yet been discovered.”

According to the figures reported to the FSA, accounts were accessed illegally more than 3,300 times and there were 1,454 fraudulent transactions. 

Bloomberg reported that some of the firms notifying the FSA of incidents include Rakuten Securities Inc., Nomura Holdings Inc., SMBC Nikko Securities Inc. and SBI Holdings Inc.

During a press conference on Friday, the FSA said brokerages will be covering the losses suffered by their customers

Japan has increasingly warned its citizens of cyberattacks targeting the country from China. At the Munich Cyber Security Conference last year, a senior official within the country’s National Center of Incident Readiness and Strategy for Cybersecurity said China-backed hackers are increasingly targeting telecom carriers, internet providers and other critical infrastructure.

CybercrimeGovernmentNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

5 Reasons Device Management Isn’t Device Trust​

Next Post

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Related Posts

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy
Avatar
Read More

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.  "This is due to the create_wp_connection() function missing a capability check and
Avatar
Read More