Japanese Account Hijackers Make $2bn+ in Illegal Trades


Japan’s financial regulator has warned of a surge in the number of account takeovers in its securities market, with hackers making illegal trades of over 304 billion yen ($2bn).

In an updated statement, the Financial Services Agency (FSA) warned that there had been a “sharp increase” in the number of cases of unauthorized account access and trading.

It said that unauthorized third parties were using customer information such as login IDs and passwords harvested from phishing sites designed to mimic those of genuine securities firms.

Unauthorized access attempts were relatively muted in January (65) and February (43) before spiking over 3200% the following month to hit 1420. From March to April they jumped another 242% to reach a total of 6380 for the year to date (YTD). Nine securities companies were impacted as of April.

In the same time frame, the number of unauthorized trades leapt from 39 in January to 2746 in April, an increase of over 6900%. The total for YTD is 3505.


It appears that by manipulating the market in this way, the hackers are attempting to boost the value of small-cap stocks that they own, which they can then sell at a bigger profit.

“There are various types of fraudulent transactions, but in most cases, the fraudsters gain unauthorized access to victim accounts and manipulate them to sell stocks and other securities in the accounts, and then use the proceeds to buy domestic and foreign small-cap stocks and other securities,” the FSA explained.

“As a result of the fraudulent transactions, the victim accounts are left with the relevant domestic and foreign small-cap stocks and other securities.”
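The sequence the FSA describes (account access, sale of existing holdings, proceeds moved into small-cap stocks) can be expressed as a monitoring rule on the brokerage side. The following is an added example, not code from the FSA or any securities firm; the event fields, the two-hour window, the 0.8 ratio and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data); field names are assumptions.
EVENTS = [
    # A: unrecognized device, liquidates holdings, moves proceeds into a small-cap
    {"acct": "A", "ts": "2000-01-03T09:00", "kind": "login", "known_device": False},
    {"acct": "A", "ts": "2000-01-03T09:05", "kind": "sell", "value": 900_000},
    {"acct": "A", "ts": "2000-01-03T09:12", "kind": "buy", "value": 880_000, "small_cap": True},
    # B: same trades, but from a device the customer has used before
    {"acct": "B", "ts": "2000-01-03T10:00", "kind": "login", "known_device": True},
    {"acct": "B", "ts": "2000-01-03T10:05", "kind": "sell", "value": 400_000},
    {"acct": "B", "ts": "2000-01-03T10:09", "kind": "buy", "value": 390_000, "small_cap": True},
    # C: unrecognized device, but proceeds go into a large-cap
    {"acct": "C", "ts": "2000-01-03T11:00", "kind": "login", "known_device": False},
    {"acct": "C", "ts": "2000-01-03T11:04", "kind": "sell", "value": 300_000},
    {"acct": "C", "ts": "2000-01-03T11:10", "kind": "buy", "value": 300_000, "small_cap": False},
    # D: unrecognized device, only a small part of the proceeds goes to a small-cap
    {"acct": "D", "ts": "2000-01-03T12:00", "kind": "login", "known_device": False},
    {"acct": "D", "ts": "2000-01-03T12:03", "kind": "sell", "value": 500_000},
    {"acct": "D", "ts": "2000-01-03T12:20", "kind": "buy", "value": 100_000, "small_cap": True},
]

def flag_accounts(events, window=timedelta(hours=2), min_ratio=0.8):
    """Return accounts where a login from an unrecognized device is followed,
    within `window`, by sales whose proceeds are mostly spent on small-caps."""
    by_acct = defaultdict(list)
    for e in events:
        by_acct[e["acct"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})
    flagged = []
    for acct, evs in by_acct.items():
        evs.sort(key=lambda e: e["ts"])
        for login in evs:
            if login["kind"] != "login" or login["known_device"]:
                continue
            end = login["ts"] + window
            after = [e for e in evs if login["ts"] < e["ts"] <= end]
            sold = sum(e["value"] for e in after if e["kind"] == "sell")
            small = sum(e["value"] for e in after
                        if e["kind"] == "buy" and e.get("small_cap"))
            # Liquidation followed by concentration into small-caps
            if sold > 0 and small >= min_ratio * sold:
                flagged.append(acct)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_accounts(EVENTS))
```

A rule like this would feed a hold-and-verify step rather than block trades outright, since a legitimate customer on a new device can produce the same sequence.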

Keeping Accounts Secure

The scale of the campaign may be even greater than currently thought. The FSA said its figures are provisional only, and that some cases of unauthorized access or fraudulent transactions may not yet have been discovered.

The FSA urged users of online securities trading services to:

  • Not open links contained in emails or SMS messages, even if the sender looks familiar
  • Bookmark their securities sites and access them that way
  • Switch on enhanced account security features such as multi-factor authentication (MFA) and notifications
  • Not reuse passwords, or use simple passwords that are easy to guess
  • Frequently check their account status and contact the relevant securities company to change their passwords if any suspicious behavior is spotted
  • Keep the software and OS of their devices and PCs up to date
  • Install anti-malware on any devices and computers


