Font Size A A A

Banking Trojan cyber attacks in Hampshire - how to protect your devices

Alert message sent 04/08/2017 11:26:00

Information sent on behalf of Hampshire Constabulary

Members of the public and business owners are urged to take extra measures to safeguard their online banking systems after more than 1800 ‘Banking Trojan’ attacks were detected in Hampshire in recent months.


The most densely affected areas are Bargate, Southampton, Charles Dickens and Nelson in Portsmouth, and the Sholing and Bitterne areas of Southampton.


Whilst it is not possible for us to identify each of the users of the IP addresses  affected, we urge anyone who does their banking online to take some simple steps to help safeguard their security.


Banking Trojans are malicious software (malware) specifically designed to break into an online bank account and transfer money to other accounts controlled by criminals



How a Banking Trojan works:


After a banking Trojan infects a web browser – through an infected link or attachment or other means -  it will lie dormant, waiting for the computer's user to visit his or her online banking website.


Once that happens, the Trojan silently steals the bank-account username and password and sends it to a computer controlled by cybercriminals, sometimes halfway around the world.


The criminals then log into the account and transfer available funds to other accounts at the same bank. But those accounts are registered to "money mules” and within days, or even hours, the money mules withdraw cash from the accounts and wire it overseas via a transfer service.


Many banking Trojans go a step further. They perform what's called a "man-in-the-middle" attack, getting in between the user and the bank and subtly changing what the user's browser displays so that it appears as if a user's transactions are proceeding normally, even while the password and money theft is taking place.


Some of the more advanced banking Trojans don't even need money mules. They can make international transfers directly from a UK bank to one overseas.


Banking Trojans can also display fake warning pages that ask a user to re-enter his login and personal information, conceal the theft of large amounts of money from an account, send real-time transaction information to a cybercriminal instead of to the intended recipient or give users a fake logout page that actually keeps them signed into their accounts.


How To Protect Your Online Banking:

  • Do not click on links you receive in unsolicited emails, SMS messages (mobile phones) or social media posts.  The links may lead to malicious websites and any attachments could be infected.


  • Only install apps from official app stores such as Google’s Play or Apple’s App store. Disabling any of the default security settings on your mobile device may leave it more susceptible to malware;


  • When logging on to your online banking account, be extremely vigilant every single time.  Be especially cautious if you are asked for details such as the 3 digit (CVV) number on the back of your card, the long number on the front of your card, your card’s expiry date or your 4 digit PIN number.  If the online banking login page does as you for these details, do not log in until you have called your bank to verify that you are logging in to a genuine page;


  • Your bank will never ask you to transfer money out of your account into another. Fraudsters will.  If you receive messages, browser pop-ups or calls asking you to do this – do not respond to them. Call your bank immediately.



For further advice and guidance, please visit:


Hampshire Constabulary’s Cyber Protect team can offer free advice and talks to businesses and organisations.  To discuss any issues or request a talk, please email


On Twitter? Please follow @HCCyberProtect for latest advice and information.


Message sent by
Lucy Dibdin (Police, Cyber Security & Protection Officer, Hampshire )

Message tag words

Back to previous page
Click here to tweet this message to your followers

Discuss this alert message

Please see terms below before using this feature
Please be aware that the facility above is a Facebook service, posting your views will make some of your Facebook information visible to everyone (as with any Facebook activity).

The system administrators (VISAV Limited) monitor the content added. Any misuse or objectionable material should be reported to

The views expressed do not represent the views of the system administrators who are VISAV Limited, the Police, Neighbourhood Watch and other Information Provider using this service.