Hundreds of Japanese investors have awakened to a nightmare: their stock accounts emptied, their investments liquidated without consent, their money funneled into obscure Chinese stocks they never wanted. It’s a mess. A big, expensive mess.

Since February 2025, Japan’s financial sector has been rocked by a wave of fraud. The numbers are staggering – ¥100 billion (about $710 million) in unauthorized trading. No signs of stopping. February saw 33 cases. March? 685. By mid-April, another 736 had popped up. That’s exponential growth, folks.

The fraudsters aren’t particularly creative. Just effective. They use phishing sites mimicking legitimate brokerages to steal login credentials. Sometimes they deploy infostealer malware. Or “Adversary-in-the-Middle” techniques. Whatever works.

Once in, they sell victims’ holdings and buy thinly traded stocks – often Chinese – where they’ve already established positions. Classic pump and dump. Only this time, it’s someone else’s money doing the pumping.

The victims are left holding worthless stocks and empty accounts. One lost ¥2.1 million. Another ¥9.7 million. Some poor soul got hit for ¥50 million. Major firms like Rakuten, Nomura, and SBI have all been affected.

Japan’s Financial Services Agency isn’t amused. They’ve issued urgent warnings and are monitoring markets closely. The Japan Securities Dealers Association wants mandatory multi-factor authentication. Really, they’re just now thinking about that?

Brokerages have scrambled to respond. Some suspended buy orders for certain stocks. Others improved security measures. The government has pressured them to compensate victims – though some firms initially balked at covering losses.

Part of the problem? Japanese investors prefer browser-based trading over more secure mobile apps. Victims like Mai Mori have reported that police often refuse to accept complaints, instead directing them back to the brokerages. Experts recommend strong, unique passwords for each financial account to minimize vulnerability. Simple habits, costly consequences. At least 105,000 cases of leaked credentials have been identified in Japan.

This surge isn’t just costing money. It’s eroding trust in online trading. And the scammers? They’re using news of the fraud to launch new phishing attempts. Nothing like exploiting panic about exploitation.