Rakuten login issues - Security

[Seasider4374]

I've been a Rakuten Securities user for 18months or so, but in the past few weeks I've been met with "you seem to be trying to login in from a new location on this device" type of message, and then asked to enter a secondary security stage login process.

Option two of this security stage seems to be "let us text you a logon code to your registered phone no.", which I did the first time I encountered this. And I could log on just fine after that for a week or two (logging on normally - no secondary logon input needed).

Then recently the "new location/device" message appeared again but the second "let us text you a logon code" option is greyed out...

And so my only option seems to be (their recommendation) of calling a freephone 0120- number to confirm my phone number/identity...

But this feels very "phishy" to me. Why should I phone "them" to confirm AND THERFORE RE-RELAY my phone number to them, rather than they just call/text me via the phone no. they have on record for me...?

Has anyone else experienced this?

Re. the VPN comment in the title, I've used VPN's to access UK/US/JP content since way before I joined Rakuten. And have had no issue previously connecting to Rakuten under any VPN location to date until recently.

If helpful/relevant I've also moved apartment in the past 3 months, but again had no problem logging in to Rakuten Securities for the first 2 months or so at my new apartment on their wifi. My new address details were updated online as soon as I moved with Rakuten.

...

[Deep Blue]

If you are connected to their website and not some random phishing scam, then I wouldn’t worry about it. Unfortunately we all need to jump through more hoops than we’d like these days, but I’m sure the extra authentication is keeping our accounts safer.

[zeroshiki]

There's been a lot of reports of people getting "hacked" and having their account buy Chinese stocks or something. The securities companies have been tightening up security because of these reports.

[Hearthian]

They have explainers all over the Rakuten site explaining very clearly why this is happening:

1. They are tightening security due to the recent surge in fishing scams where hackers use peoples accounts to drive up the prices of specific cheap stocks. (seems to be especially some Chinese stocks which hey are also restricting purchase of).

2. One of the things they are doing to prevent this is requiring extra authentification when they detect a log-in from an unusual IP, it is almost definately your VPN triggering this. It didn't trigger it before because they weren't as strict on it before.

3. When it detects access from a new location it will trigger the 2 factor authentification. That used to be a choice between the text message or by calling a free-dial number, but:

4. The text message option is currently unavailable for all users. (There are also a lot of warnings to check that you have the correct, and up-to-date mobile number registered, as without it you might have a lot of trouble acessing your account).

[Tsumitate Wrestler]

There's been a lot of reports of people getting "hacked" and having their account buy Chinese stocks or something. The securities companies have been tightening up security because of these reports.

Context -> {Bloomberg} https://archive.md/Bnu1D

Context -> { Bloomberg Japanese} https://www.bloomberg.co.jp/news/articl ... MKT0G1KW00

[Seasider4374]

Thanks for all the replies and explainers. Personally I feel most (95%+) users will already have their contact details up to date on the site, and so the default second stage security check should be for Rakuten to call us (as was the case prior before becoming greyed out), rather than we have to call them.

But the phone no. to call is listed on a legit Rakuten address so all looks okay. Thanks again

[sutebayashi]

Today テスタ, a famous individual investor announced on twitter that he has fallen victim to account hijacking, with his rakuten account.

I have futures and CFD accounts with rakuten myself and so hopefully I can set up multi factor authentication for them soon.

My family's security accounts are with monex but especially for the kids accounts they are rarely logged into so I want to set up multifsctor authentication for those too, if I can, using my phone for the one time passwords... Not sure that will be possible but will try.

[zeroshiki]

I have MFA on my Rakuten account. They send you two pictures through email and you need to pick out the pictures on the login page.

[RetireJapan]

I have MFA on my Rakuten account. They send you two pictures through email and you need to pick out the pictures on the login page.

Me too. It's slightly annoying, but probably worth it.

[captainspoke]

For my US account, the broker sent me a security dongle like this. I've even had this replaced maybe twice--they overnight a new one via fedex.

Has this kind of 2FA been discussed as one of the options for increased security here?

You do have to call in to do setup confirmation on receipt, to get the device code (on the back) and the timing/clock thing set up, but then it's just this dongle, and the code it generates that you add to your password. Nothing SMS and you don't need a phone, no pictures to click, etc. The six digit code it generates lasts about 30 seconds, plenty enough for a login.