Online brokerage accounts in Japan continue to be hijacked in significant numbers, according to the Financial Services Agency.

In May, 2,289 unauthorized transactions were logged, and ¥200 billion of fraudulent trades were made, the FSA said in a report released last week.

That’s down from April’s 2,910 illicit transactions and about ¥290 billion in fraudulent trading but still high by historical standards.

Alleged fraudsters are still taking advantage of possible security loopholes to hijack user accounts and invest the assets to their advantage.

Since March, the number of online brokerage hacking cases has skyrocketed in Japan. The total number of illicit transactions between March and May reached 5,886, while the value of unauthorized trading was more than ¥500 billion.

Only 72 unauthorized transactions were reported for January and February.

The Japan Securities Dealers Association has confirmed hijacking cases at 16 brokerages, including some of the largest, and warned that alleged cyber crooks are now targeting accounts at smaller securities companies as well.

They use phishing techniques, malware and other illicit means to gain access to user accounts. Securities are then sold, and the proceeds are used to buy shares held by the hackers to prop up the prices of these shares.

Cybersecurity experts have pointed out that hijacking incidences have increased significantly in recent months as hackers have found that many brokerages have security holes, such as a lack of multifactor authentication.

Multifactor authentication adds an extra layer of security by requiring a second step, such as a fingerprint or a passcode sent by text or generated by an app or a separate device.

A number of brokerages offer multifactor authentication, but whether to use it or not is up to the customer in many cases.

To strengthen security, 76 brokerages have said they will make multifactor authentication mandatory for trading procedures, but it will take time for some brokerages to implement the extra security step.

The FSA warns that users should not reuse the same password for different accounts. To protect from malware, it is also important to update operating systems, while installing an anti-malware service can be effective.