▲ Financial district in Yeouido, Seoul
Police are investigating a case in which an LS Securities employee processed stock orders based on a hacked, fraudulent email, resulting in billions of won in losses for a foreign investor.
The Financial Supervisory Service (FSS) has repeatedly emphasized the need for rigorous internal controls in the financial investment sector, noting that small and mid-sized financial firms are increasingly becoming targets for hacking attacks.
According to the financial sector on July 8, the Seoul Metropolitan Police Agency's Cyber Investigation Division is investigating an incident where an LS Securities employee received a fraudulent email earlier this year and executed stock-related orders for a foreign investor, identified as A, leading to the unauthorized withdrawal of billions of won in funds.
LS Securities had been performing orders in the capacity of a standing proxy for A.
A standing proxy is a system that allows foreigners residing abroad to have necessary procedures, such as investment registration, account opening, and the exercise of rights, handled on their behalf when trading domestic stocks.
The securities firm employee processed various orders, including stock purchases, sales, and cash withdrawals, multiple times over a certain period in accordance with the contents of the fraudulent emails.
LS Securities estimates that the scale of the damage suffered by A during this series of processes is in the range of 3 billion to 4 billion won.
However, it is reported that A claims to have suffered losses of around 8 billion won, taking into account investment opportunity costs.
LS Securities claims that it has determined, through the Financial Security Institute and other channels, that the incident was not a result of a hack into the company's own systems.
The firm is focusing on the possibility that A's email account was compromised.
The FSS also launched an inspection immediately upon becoming aware of the incident and has completed its investigation into the circumstances.
Even if LS Securities was not directly hacked, critics point out that there may have been a failure in necessary internal controls, such as the lack of a procedure to directly verify with A while executing multiple orders based on fraudulent emails.
According to the financial sector, there have been reports of other securities firms recently receiving hacked, fraudulent emails and executing orders accordingly, only to resolve the situation just before the funds were withdrawn.
The FSS is closely monitoring the rise in hacking attacks targeting small and mid-sized financial firms.
In fact, hacking incidents occurred consecutively at MSI Loan and NR Capital Loan in April, resulting in the leakage of some customer information.
In September of last year, a domestic IT management company was hacked by an international ransomware group, leading to the theft of internal data from about 20 small and mid-sized asset management firms that were clients of the company.
The FSS believes that these incidents are primarily caused by inadequate internal controls.
Last month, the FSS shared the types and characteristics of such incidents with the financial investment industry and ordered the strengthening of internal controls, emphasizing the need to go through procedures to carefully verify investor-related information, such as email addresses and content, before executing orders as a standing proxy.
(Photo: Yonhap News)