According to Bloomberg reports, criminals are hijacking Japanese online brokerage accounts and using them to inflate the prices of global cheap stocks. Since February, the amount of fraudulent trading has reached 100 billion yen (approximately 710 million USD). These scams typically utilize hacked accounts to purchase lightly traded domestic and foreign stocks, allowing any previous holders to cash out at artificially high prices.
How do hackers infiltrate your securities trading account?
According to Nobuhiro Tsuji, a cybersecurity expert at SB Technology, the criminals behind these scams likely employ man-in-the-middle attacks and information theft techniques to gain access to account credentials. The former method involves using fake and legitimate websites to steal cookies, which are small text files stored in web browsers to save session data.
Attacks typically begin by luring users to fake websites through phishing emails or malicious advertisements. The fake site then redirects users to a legitimate website, intercepting their login credentials there. In some cases, attackers create extremely complex interfaces (for example, displaying the real site on one side of the browser and the fake site on the other) to deceive users.
In contrast, information-stealing programs are malicious software specifically designed to steal sensitive information such as IDs and passwords. These programs can hide in emails, malicious ads, or fraudulent websites, infecting users’ devices and quietly stealing all stored personal data—often without users being aware that they have been compromised. According to research from Macnica’s security research center, there have been at least 105,000 credential leakage incidents in Japan.
How do hackers manipulate the market for profit?
An anonymous investor stated that his account was hacked and used to purchase Japanese and Chinese stocks, causing him a loss of about 50 million yen. The Tokyo resident in his 50s reported that on the morning of April 16, a notification suddenly popped up on his iPhone. He panicked and immediately called his brokerage, but they said they could not freeze the account.
The investor claimed that although he had only ever bought an index fund tracking the S&P 500 and had never purchased individual stocks, his account was used to buy stocks on margin. Faced with plummeting prices, he chose to sell the stock to avoid further losses. Since the stocks were purchased on leverage, the brokerage stated they would liquidate his holdings in S&P stocks to cover the losses.
One of the stocks bought using his account was DesignOne Japan Inc. On April 16, the trading volume for this stock was 5.8 million shares, while the average daily trading volume over the past six months was only 194,000 shares.
The hackers’ method of profiting involves first buying into the targeted stock, as such lightly traded stocks are easy to manipulate. The hackers leverage the victim’s account to buy large quantities, driving up the price before cashing out, leaving the innocent victim facing the tragic fate of liquidation.
In response, several Japanese brokerage firms have halted the processing of buy orders for certain Chinese, American, and Japanese stocks. Eight of Japan’s largest brokers, including Rakuten Securities and SBI Securities, reported unauthorized transactions on their platforms. These breaches expose potential weaknesses in Japan’s ability to protect its markets from cyberattacks. They could also undermine the government’s efforts to encourage more people to invest for retirement, particularly as some victims state they do not understand how their accounts were compromised, and brokers have yet to compensate victims for their losses.
Why are hackers targeting Japan for market manipulation?
The Japanese government has actively promoted a tax-free small investment scheme (NISA) in recent years to encourage long-term investments, resulting in a significant influx of funds into the stock market, which has also fueled the prevalence of such hacking activities.
The Japanese Financial Services Agency reported that fraudulent trading cases skyrocketed from 33 in February to 736 in the first half of April, without disclosing the amount of losses suffered by victims. This puts the government’s strategy to attract more investors at risk.
On April 22, Japan’s Finance Minister, Katsunobu Kato, stated that the government had requested brokerages to engage in “good faith” negotiations with clients regarding compensation for losses.
The Japan Securities Dealers Association, the umbrella organization for Japanese brokerage firms, has also urged its members to upgrade their systems and enforce multi-factor authentication.
Yutaka Sejiyama, deputy director of Macnica’s security research center, remarked that a weakness in Japan is that people tend to place orders using web browsers rather than more secure mobile applications. Currently, similar spikes in cases have not been observed in other countries.
Risk Warning
Investing in cryptocurrencies carries a high level of risk, and prices can be highly volatile, potentially resulting in the loss of your entire principal. Please carefully assess the risks.