An international scheme in which hackers accessed dozens of online brokerage accounts to manipulate stock prices holds cybersecurity and beneficial ownership lessons for compliance professionals.

The Securities and Exchange Commission (SEC) charged 18 individuals Monday for allegedly participating in a scheme in which they hacked into retail investors’ brokerage accounts, forced those accounts to purchase large blocks of two microcap stocks, then sold their existing holdings of the same stocks at artificially inflated prices.

The alleged misconduct, which took place from 2015-18, involved two overlapping groups of individuals operating outside the United States and Canada but involving offshore accounts and exchanges in a dozen countries. The scheme generated approximately $1.3 million in illicit profits, the SEC said.

“This case illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud,” said Gurbir Grewal, director of the SEC’s Division of Enforcement, in a press release. “The SEC remains committed to rooting out this type of wrongdoing. Investors should also take precautions, including choosing strong passwords, using different passwords for different accounts, and using two-factor authentication when available.”

According to the SEC’s complaint, filed in U.S. District Court for the Northern District of Georgia, the fraudsters hired freelance hackers to breach brokerage accounts and buy large blocks of two microcap stocks: Lotus Bio-Technology Development Corp. (LBTD) and Good Gaming.

“In multiple instances, the defendants sold stock executed directly to the forced purchases in the hacked accounts,” the complaint said. The activity helped create the impression the value of the stocks was trending up, the SEC said.

In some cases, the hacked accounts had not executed any trades in previous days, and the high volume of purchases of one particular stock in one day could have been deemed suspicious by the broker-dealer firms controlling those accounts. In all cases, the owners of the hacked accounts did not authorize the purchases, the SEC said. The broker-dealers reimbursed their customers for the losses.

When one of the alleged perpetrators of the fraud opened a brokerage account to trade LBTD shares, she asked the broker-dealer if she could open “more accounts” with the broker-dealer “so as to spread LBTD share ownership between multiple entities and stay ‘under 10 percent’ ownership,” the complaint said. The SEC said the fraudster was attempting to avoid the agency’s beneficial ownership rules, which require a report to the commission whenever a person or group acting in concert owns more than 5 percent of a class of registered securities and the filing of another report by any person (including a group acting in concert) who is directly or indirectly the beneficial owner of more than 10 percent of a class of registered securities or is a director or officer of the issuer.

The fraudsters eventually transferred a significant portion of the LBTD stock to another account controlled by a different brokerage firm, the SEC said. They hid their beneficial ownership of LBTD stock through various offshore entities located in the United Kingdom, Belize, the Bahamas, and Switzerland.