Symantec has recently identified a series of phishing campaigns that targets users of Monex Securities (マネックス証券), one of Japan’s leading online securities companies. Monex Securities was formed through the merger of Monex, Inc. and Nikko Beans, Inc. and offers a range of financial services to individual investors in Japan.
What Happened
The phishing campaigns involve threat actors creating a series of randomly generated alphanumeric five-character domains with a .cn top-level domain. These domains are made to impersonate Monex Securities, with the keyword “monex” in the first directory of the URL (for example, ijnlu[.]cn/monex).
The phishing mails are sent as notification messages to trick users into clicking malicious URLs by asking them to confirm and update their account information.
The emails typically feature the following subject line: 【マネックス証券】登録情報の確認および更新のお願い Translated: “[Monex Securities] Request to confirm and update registered information.” Clicking on the link within these emails redirects users to Monex Securities phishing site designed to steal credentials.
Conclusion
Investors must stay vigilant and thoroughly verify the authenticity of any communication before taking action. Checking the legitimacy of emails and links before clicking can reduce the risk of falling victim to phishing attacks.
Source: hxxps[://]www[.]broadcom[.]com/support/security-center/protection-bulletin/new-phishing-campaign-targets-monex-securities-users
Follow us on X and Linkedin for the latest cybersecurity news
