A sophisticated wave of financial fraud is sweeping through Japan, with hackers hijacking online brokerage accounts to manipulate low-volume stocks both domestically and abroad. The scam has triggered losses of around 100 billion yen (S$920 million) since it first emerged in February, prompting concern from investors, government officials, and the financial sector.
What’s Happening?
Hackers are gaining access to individual trading accounts in Japan and using them to buy large amounts of thinly traded stocks—commonly known as penny stocks—listed in Japan, the US, and China. These purchases create artificial demand, driving prices higher and allowing bad actors who previously bought shares at lower prices to “pump and dump” for profit.
The fraud has impacted eight major Japanese brokerages, including Rakuten Securities and SBI Securities, leading some firms to temporarily halt buy orders for selected stocks seen as vulnerable to manipulation.
Who’s Affected?
Japanese investors—particularly older individuals saving for retirement—are bearing the brunt of the scheme. Victims say they were unaware their accounts had been compromised until it was too late.
One Tokyo-based investor in his 50s lost about 50 million yen after his account was hacked. Though he had only invested in index funds, the criminals used his account to buy individual stocks on margin, leaving him exposed to rapid losses. Despite his immediate call to the brokerage, he was told the account could not be frozen. Ultimately, the brokerage liquidated his index fund holdings to cover the leveraged losses.
Among the stocks bought using his account was DesignOne Japan, which saw its trading volume spike to 5.8 million shares on April 16—compared to a six-month daily average of just 194,000.
How Are Accounts Being Hacked?
Experts say the attacks rely on two main techniques:
1. Adversary-in-the-Middle Attacks
This technique hijacks users during login. Attackers set up fake websites that mimic real brokerage sites. When users are lured through phishing emails or malicious ads, they’re redirected to the real site while their credentials and session data (stored in cookies) are silently stolen in the background.
Some attacks are so advanced that one half of the browser displays the real website, while the other shows the fake interface—making it difficult for users to notice anything is wrong.
2. Infostealers
These are malware programs hidden in emails, websites, or ads. Once they infect a device, they silently steal saved IDs and passwords, sending them back to hackers. According to Macnica Security Research Centre, over 105,000 cases of credential theft have occurred in Japan alone.
Why Japan?
Experts believe one reason Japan is especially vulnerable is its preference for browser-based trading, which offers less protection than dedicated mobile apps that often require biometric authentication and offer stronger security.
Mr. Yutaka Sejiyama, deputy director at Macnica, notes that such trends make Japan a “soft target” compared to countries where mobile-first trading is more common.
Government and Industry Response
Finance Minister Katsunobu Kato said on April 22 that securities firms must engage in “good faith” talks with affected clients regarding possible compensation. However, many firms have so far refused to reimburse losses, citing user agreements.
The Japan Securities Dealers Association (JSDA) is urging its members to strengthen their platforms by making multi-factor authentication (MFA) mandatory. The group’s chairman, Toshio Morita, has also criticized firms for not supporting victims, even as he acknowledged that each firm sets its own policies on compensation.
The fraud shows no signs of slowing, and without swift technological upgrades and policy reforms, Japan risks becoming a hotspot for future financial cyberattacks. Until then, the nation’s push to increase household investment could be hindered by shaken trust in its digital brokerage system.
