Penka Hristovska
Published on: April 28, 2025
Japanese regulators have issued an urgent warning about hundreds of millions of dollars in unauthorized trades occurring on hacked brokerage accounts across the country.
Japan’s Financial Services Agency (FSA) said this trend was fueled by stolen customer information acquired through phishing websites “disguised as websites of real securities companies.”
The fraudulent trading activity has reached ¥100 billion ($710 million) since it began in February, with no indication of it subsiding.
“There are various types of fraudulent transactions, but in most cases, the fraudsters gain unauthorized access to victim accounts and manipulate them to sell stocks, etc. in the accounts, and use the proceeds to buy Chinese stocks, etc,” officials explained.
The scam typically starts with a phishing message, often delivered via email or SMS, that appears to come from a trusted and established company. This message contains a link that directs the victim to a fake website designed to look identical to the legitimate site.
Once on the fake site, victims unknowingly enter their login credentials, granting attackers access to their accounts — and, by extension, their funds. The scammers then log into the real account, sell the victim’s assets, purchase new ones, and drain the account, often laundering the stolen money in the process.
“As a result of the fraudulent transactions, the Chinese stocks etc. remain in the victim accounts,” the agency continued, noting that there “may still be cases of unauthorized access or fraudulent transactions that have not yet been discovered.”
Brokerages have reported 736 unauthorized trades in the first 16 days of April, up from 685 in March and just 33 in February. The Financial Services Agency confirmed that six online brokerages have been impacted so far this month, according to a press release from the agency.
Nomura Holdings Inc., SMBC Nikko Securities Inc., and SBI Holdings Inc. are among the companies that have encountered fraudulent transactions, following the initial discovery of such activity at Rakuten Securities Inc. in late March.
