TOKYO – A series of crimes has occurred in which hackers took over individual investors’ accounts with securities companies and made illegal stock trades.

The criminals are believed to be using the accounts to manipulate stock prices, raising the prices of specific shares by purchasing large numbers of low-priced stocks that are not usually traded actively.

Some individual investors have lost millions of yen through the scams. Criminal groups are also believed to have stolen clients’ authentication information by guiding them to fake websites.

Securities companies are calling on their clients to be wary of the scams.

Unauthorized login

GRAPHICS: THE YOMIURI SHIMBUN

A 36-year-old company employee in Saitama Prefecture who suffered losses from this kind of scam openly expressed his surprise. “I never dreamed that my account could be hacked and taken over,” the man said.

On March 20, he found records of Chinese company shares, which he did not recognize, in his account with Rakuten Securities Inc.

The man checked the trading records for the previous day, and found that Japanese company shares worth about ¥12 million that he had owned had been sold without his knowledge. In addition, a total of 200,000 shares in a Chinese company had been purchased through his account. The Chinese company stocks were priced at about ¥57 per share.

Because the day was a national holiday, the man could not contact officials of Rakuten Securities. He was worried, thinking that he might have been involved in a crime.

The man immediately sold all the Chinese shares, but he suffered about a loss of about ¥2.1 million from the transaction.

Later, he submitted an inquiry to Rakuten Securities, and signs were found of an unauthorized login from a personal computer that was not his.

The man was perplexed, saying: “I’ve never opened a suspicious email. I have no idea how my authentication information was leaked.”

The man said that an official of Rakuten Securities told him, “Regardless of whether a client actually input commands, we do not provide compensation for transactions that were made with a registered ID and passcode.”

The man said he was considering legal action. “I can’t accept that, because it was illegal trading,” he said.

Targeting low-priced stocks

Illegal transactions like this have been confirmed and announced by many securities companies since late March. The firms involved include Rakuten Securities, SBI Securities Co., Nomura Securities Co., Monex Inc., SMBC Nikko Securities Inc. and Matsui Securities Co.

Rakuten Securities, which has about 12 million general securities accounts for clients, has suspended buy orders for shares of more than 1,000 Chinese companies, to prevent damage from spreading further. On April 14, the company also suspended orders for shares in 20 U.S. companies.

None of the securities companies have disclosed the scales of the damage or other details.

What is the criminal group aiming to do? According to Rakuten Securities and other sources, the hacked accounts showed large purchases of stocks in Japanese and Chinese companies that were low-priced and not actively traded.

The stock prices of some of the companies had shown unusual fluctuations since late Match.

“[The criminals] may be trying to gain profits by raising the share prices through large-scale purchases and then selling stocks that they already owned,” said Naoki Fujiwara, senior fund manager of Shinkin Asset Management Co.

Rapid increase in phishing emails

The IDs and passcodes of the hacked accounts are believed to have been stolen through phishing scams that guide people to fake websites for securities companies, or through the use of malware.

According to the Council of Anti-Phishing Japan based in Tokyo, reports from individuals and companies about phishing emails claiming to be from real securities companies, as well as emails from trying to guide people to fake websites, began increasing in January.

The number of reports from March to April 8 rapidly surged to 17,600.

Such illicit emails seek to heighten recipients’ anxiety by using such terms as “urgent,” “important” and “Your account is going to be unusable. Then they try to guide people to fake websites through online links.

“Such emails contain tricks to slip through security systems,” said Yukimi Sota, chief security evangelist of the Japanese unit of Proofpoint Inc., a major email security service company.

The fake websites use graphics copied from securities companies’ actual sites. “It’s very difficult to distinguish between them,” an official of the anti-phishing council said.

“We want people to thoroughly observe these guidelines: never open links in emails or texts, and conduct transactions only via bookmarked genuine sites or official apps,” the council said, calling on investors to be careful.

Strengthening countermeasures

Securities companies have been enhancing their countermeasures.

On March 23, Rakuten Securities launched a system of risk-based authentication that requires an additional stage of identification if an account is accessed from a computer terminal that is not the one usually used by the account holder.

Also, many securities companies have introduced multifactor authentications, such as the input of one-time passwords in addition to IDs and ordinary passwords, or identifying users through the computer terminal being used. The companies strongly recommend that clients use the additional systems.

However, an official in the securities industry said: “In securities transactions, a swift decision can affect the results. So, there are clients who dislike the increase of one more step.”

As damage from the scams has grown, the Japan Securities Dealers Association this month began discussing revisions of its guidelines to prevent illegal access, with the enhancement of multifactor authentication in mind.

An official of the association said, “They are unprecedented incidents. We shall find out what are happening and consider countermeasures which can make clients conduct transactions with a sense of security.”

Asia News Network/The Japan News