Rising phishing attacks have pushed IG Securities to tighten account protection, with the broker set to require all clients to enable two-factor authentication (2FA) by June.

IG Securities confirmed that it will make 2FA compulsory for all users, replacing its current optional setup. The company linked the move to a sharp increase in unauthorized access attempts across the industry, driven by phishing scams and other methods targeting client credentials.

• IG Australia Launches MCP Server, Opens Its Trading Platform to ChatGPT
• IG Group Hits Record High on 11% Jump, Putting 2028 Stretch Targets Within Reach
• IG Group Lifts 2026 Revenue Guidance After Q1 Organic Sales Climb 19% to £331 Million

“Unauthorized access to securities accounts through phishing Phishing Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno Read this Term scams and other means is rapidly increasing across the industry,” the company said in its notice.

Mandatory 2FA Rollout

Once the new rule takes effect, clients who have not activated 2FA will be unable to log into their accounts. Users who already completed the setup will not need to take further action. The broker urged clients to enable the feature in advance to avoid disruptions. It warned that support teams may face a surge in requests around the implementation period.

Related: IG Japan Halts Retail Vanilla Options Trading Three Months After Launch

The setup process requires users to install an authentication app, such as Google Authenticator or Microsoft Authenticator, and enable 2FA through the IG trading app settings.

Notably, IG Japan recently admitted to mishandling client data after uncovering two separate issues involving “specific personal information,” including Japan’s My Number identification details.

The broker said some employees within the wider IG Group had unauthorized internal access to customer records via an internal system. It potentially affected 162,879 clients whose names, dates of birth, addresses, contact details, and My Number data could be viewed. The firm said it does not know when this internal access problem began.

IG Japan Faces Data Handling Questions

In a second issue, IG Japan reported that data for 29,734 customers was stored on an external server managed by IG Markets Limited without prior approval from IG Securities, following a contractor oversight around late January.

IG Japan suspended new vanilla options trades for retail clients, only three months after launching the product for individual investors in February. It remains unclear whether this step was related to security risks. The pause came as the broker continues to offer vanilla options trading to corporate clients, a segment it added earlier when it expanded the service beyond retail.