Japan's FSA Warns of Unauthorized Trades via Stolen Credentials from Fake Security Firms' Sites
The Financial Services Agency (FSA) of Japan has issued a warning about the increasing number of unauthorized trades linked to hacked brokerage accounts, with damages estimated in the hundreds of millions of yen.
According to the FSA, there has been a sharp increase in cases of unauthorized access and trading on internet trading services using stolen customer information from fake websites disguised as real securities companies. These phishing sites mimic the legitimate websites of reputable securities firms, tricking unsuspecting users into divulging their login credentials.
The agency warns that attackers are hijacking victim accounts, selling held stocks, and using the proceeds to buy assets like Chinese stocks, which remain in the account post-attack. The reported sales and purchase amounts represent total transaction volumes, not customer losses. This highlights the severity of the issue and the need for users to take precautions to protect themselves from falling victim to unauthorized trading caused by stolen login credentials.
Key Precautions to Avoid Unauthorized Trading
To avoid being a victim of unauthorized trading, users should follow these key precautions:
- Never click on links in emails or SMS, and always access brokerage sites via pre-saved bookmarks.
- Enable security features like multi-factor authentication and login notifications to prevent unauthorized access to accounts.
- Avoid password reuse, and choose complex passwords that are easy for you to remember but hard for others to guess.
- Check your account activity often to detect any suspicious transactions.
- If you suspect fraud, change your passwords immediately and contact your brokerage company right away.
Additionally, keeping devices updated and using reliable antivirus software can help prevent malware-related data theft. It is also recommended to check the warning issued by the Japan Securities Dealers Association regarding matters to be aware of when using securities companies' online trading services.
The Rise of Phishing Sites
The FSA warns that cases of unauthorized trading via stolen login data from phishing sites are sharply increasing on online trading platforms. These fake websites mimic real securities firms, making it difficult for users to distinguish between legitimate and malicious sites.
Attackers use various tactics to trick victims into divulging their login credentials, including sending phishing emails or SMS with links to malicious websites. Once the victim's login credentials are obtained, the attacker can hijack the account, sell held stocks, and use the proceeds to buy assets like Chinese stocks.
Avoiding the Risks
By following these precautions, users can significantly reduce their risk of falling victim to unauthorized trading caused by stolen login credentials. It is essential for users to be vigilant when using online trading services and to take proactive steps to protect themselves from phishing sites and other types of cyber threats.