Phishing Scams Target Rakuten and SBI Securities, Prompting Enhanced Security Measures

Rakuten Securities Warns of Phishing Scam and Strengthens Security Measures

Rakuten Securities Inc. has issued a warning to its customers about fraudulent transactions on its website, believed to be linked to a phishing scam. The company has strengthened its identity authentication procedures to protect its customers.

The fraudulent transactions involved the unauthorized sale of customers' stocks and investment trust funds, followed by the purchase of Chinese company stocks without their knowledge or consent. Rakuten Securities believes that phishing emails, designed to look like they were sent from the company, triggered these transactions.

The emails instructed customers to confirm their account information by clicking on a link, which directed them to a fake website. If customers entered their login IDs and passwords on the fake website, their registration information was stolen, and their accounts were used fraudulently.

To prevent further fraudulent activity, Rakuten Securities has implemented a new security measure called "risk-based authentication." When customers connect to the company's website from a different device than they normally use, they are required to enter their login IDs, passwords, and additional authentication information. They must also call a designated toll-free number from a phone number registered with the company.

Rakuten Securities also recommends that customers change their personal identification numbers.

SBI Securities Also Affected by Similar Fraudulent Transactions

SBI Securities Co. has also confirmed similar fraudulent transactions involving Chinese companies' stocks. The company believes that only a few customers were affected, compared to the number of affected Rakuten Securities customers.

SBI Securities customers have also been receiving suspicious emails, similar to the phishing emails targeting Rakuten Securities customers. The emails claim that SBI's system has detected abnormal transactions and temporarily suspended their accounts, prompting them to enter their login IDs and passwords to lift the suspension.

SBI Securities is strengthening its identity authentication procedures and has implemented a two-factor authentication process for all money withdrawals, regardless of the amount. Customers will receive emails containing an authentication code in addition to the traditional login procedure.

SBI Securities urges its users to remain vigilant, avoid clicking on links in suspicious emails, and refrain from entering passwords or other personal information on fake websites.