OSAKA, May 20 (News On Japan) - Cases of online securities accounts being hijacked via computers and smartphones are rapidly increasing, with individual investors seeing their carefully built portfolios vanish in unauthorized trades—often involving unfamiliar Chinese stocks.
"I saw all my stocks had been sold, and I was suddenly down 4.8 million yen. My mind just went blank," said a man in his 30s living in Osaka. He had been saving his investments for a future home purchase when his account was accessed without permission.
The number of these account takeovers stood at just 30 in January. By last month, it had surged to more than 2,700. The total value of unauthorized trades has ballooned to approximately 300 billion yen. As Japan promotes investment through policies like the expansion of the NISA tax exemption program, organized criminal groups appear to be targeting securities accounts.
The scheme works as follows: fraudsters first purchase large quantities of thinly traded, low-priced shares in a company (referred to as Company A). Then, using stolen credentials, they hack into victims' accounts and sell the victims’ existing stocks. The proceeds are used to purchase even more of Company A’s stock. As the buying pressure from multiple compromised accounts drives up the share price, the criminals unload their original holdings for massive profits. The victims are left holding the inflated, soon-to-crash shares of Company A.
One victim lost nearly 9.6 million yen in shares of a Chinese firm he had never heard of, despite having previously held stocks in major Japanese companies worth around 10 million yen. "It was done in a completely dirty way," he said. The securities company told him he was the one who had bought the Chinese stock, and he remains locked out of any resolution.
Despite the steep loss, the man said he would not stop investing. "With uncertainty over future pensions and people saying you’ll need 20 or even 30 million yen to retire, I don’t think I can afford to stop."
But not all hijacked accounts resulted in losses. In another case, a man learned his father’s account, holding about 26 million yen in Toyota and other shares, had been compromised. The stocks were sold off, and new shares in a mail-order company were purchased without their knowledge. By sheer luck, the son realized the issue the next morning and sold the newly acquired stock at a profit, earning roughly 2 million yen. Had he acted a day later, the falling share price could have left them with a 10 million yen loss.
His father now questions the reliability of online brokerages. "I’m starting to think banks, where a real person can help you, might be safer."
Initially, many brokerages declined to compensate victims. But following public backlash and a growing number of cases, the Japan Securities Dealers Association announced on May 2nd that it would establish a policy to provide a certain level of compensation.
One major Osaka-based brokerage, which has not confirmed any losses so far, said it is considering mandatory use of more stringent security measures. "Many of our systems already include biometric and two-step authentication, but clients often prioritize speed over security, and don’t enable these features," said a company representative.
So what can investors do to protect themselves? A former senior official at the National Police Agency’s cybercrime division offered insights: "There are two main methods of attack—phishing and malware. Phishing tricks users into inputting IDs and passwords into fake websites, while malware can steal stored data from infected devices. Both are equally dangerous."
Even antivirus software isn’t foolproof. Some malware is embedded in legitimate-looking websites, meaning data can be stolen even without infecting your own device.
As a preventive step, users are advised to regularly update their devices, use antivirus programs, and avoid clicking suspicious links. "Ideally, you should check your account activity daily and enable two-factor authentication wherever possible," the expert stressed.
One TV guest shared a personal scare: "I got an email claiming to be from the National Tax Agency right after filing my taxes. I started entering my details but stopped when it asked for my credit card number."
Even seasoned users can fall victim. As account hijackings grow more sophisticated, daily vigilance and analog habits—like manually checking one’s account—remain some of the most effective defenses.
Source: KTV NEWS
