A sophisticated phishing campaign has emerged targeting users of Monex Securities, one of Japan’s largest online brokerage platforms formed through the merger of Monex, Inc. and Nikko Beans, Inc. Since early April 2025, attackers have deployed a series of fraudulent domains leveraging the .cn top-level domain to impersonate Monex’s legitimate services. These domains use randomized alphanumeric strings in their root paths followed by the “/monex/” directory (e.g., hxxps://ijnu[.]cn/monex), creating URLs that superficially resemble authentic Monex subdomains.
The campaign employs socially engineered emails with the subject line “登録情報の確認および更新のお願い (Translated: “[Monex Securities] Request to confirm and update registered information”).
Upon clicking the embedded link, users are redirected to a fraudulent Monex Securities login page designed to harvest their credentials. Once attackers gain access to the victim’s account, they can exploit sensitive financial information and potentially carry out unauthorized transactions.
According to the report, Symantec has implemented robust countermeasures to protect users from this threat. Email security products under Symantec’s portfolio have been updated to detect and block these phishing attempts effectively. Additionally, Symantec’s Email Threat Isolation (ETI) technology provides an added layer of defense by isolating malicious links and preventing users from interacting with harmful content.
On the web front, all observed phishing domains and IPs have been categorized under security filters in WebPulse-enabled products, ensuring that users are shielded from accessing these fraudulent websites. These proactive measures are designed to mitigate risks and safeguard customer accounts against credential theft.
This phishing campaign underscores the growing sophistication of cybercriminals targeting financial institutions and their customers. Investors are advised to remain vigilant when receiving unsolicited emails requesting personal or account-related information. It is critical to verify the authenticity of such messages through official channels before taking any action.
Monex Securities users should ensure their accounts are secure by enabling multi-factor authentication (MFA) and regularly updating their passwords. Additionally, organizations like Symantec continue to play a vital role in combating cyber threats by deploying advanced security solutions tailored for email and web-based attacks. As phishing campaigns evolve, awareness and adherence to cybersecurity best practices remain essential for individuals and institutions alike.
