In News

Members of the public and business owners are urged to take extra measures to safeguard their online banking systems after more than 1800 ‘Banking Trojan’ attacks were detected in Hampshire in recent months.

The most densely affected areas are Bargate, Southampton, Charles Dickens and Nelson in Portsmouth, and the Sholing and Bitterne areas of Southampton.

Whilst it is not possible for us to identify each of the users of the IP addresses identified as being affected, we urge anyone who does their banking online to take some simple steps to help safeguard their security.

Banking Trojans are malicious software (malware) specifically designed to break into an online bank account and transfer money to other accounts controlled by criminals



How a Banking Trojan works:

After a banking Trojan infects a web browser – through an infected link or attachment or other means –  it will lie dormant, waiting for the computer’s user to visit his or her online banking website.

Once that happens, the Trojan silently steals the bank-account username and password and sends it to a computer controlled by cybercriminals, sometimes halfway around the world.

The criminals then log into the account and transfer available funds to other accounts at the same bank. But those accounts are registered to “money mules” and within days, or even hours, the money mules withdraw cash from the accounts and wire it overseas via a transfer service.

Many banking Trojans go a step further. They perform what’s called a “man-in-the-middle” attack, getting in between the user and the bank and subtly changing what the user’s browser displays so that it appears as if a user’s transactions are proceeding normally, even while the password and money theft is taking place.

Some of the more advanced banking Trojans don’t even need money mules. They can make international transfers directly from a UK bank to one overseas.

Banking Trojans can also display fake warning pages that ask a user to re-enter his login and personal information, conceal the theft of large amounts of money from an account, send real-time transaction information to a cybercriminal instead of to the intended recipient or give users a fake logout page that actually keeps them signed into their accounts.



How To Protect Your Online Banking:

  • Do not click on links you receive in unsolicited emails, SMS messages (mobile phones) or social media posts.  The links may lead to malicious websites and any attachments could be infected.
  • Only install apps from official app stores such as Google’s Play or Apple’s App store. Disabling any of the default security settings on your mobile device may leave it more susceptible to malware;
  • When logging on to your online banking account, be extremely vigilant every single time.  Be especially cautious if you are asked for details such as the 3 digit (CVV) number on the back of your card, the long number on the front of your card, your card’s expiry date or your 4 digit PIN number.  If the online banking login page does as you for these details, do not log in until you have called your bank to verify that you are logging in to a genuine page;
  • Your bank will never ask you to transfer money out of your account into another. Fraudsters will.  If you receive messages, browser pop-ups or calls asking you to do this – do not respond to them. Call your bank immediately.



For further advice and guidance, please visit:

Hampshire Constabulary’s Cyber Protect team can offer free advice and talks to businesses and organisations.  To discuss any issues or request a talk, please email

On Twitter? Please follow @HCCyberProtect for latest advice and information.


Contact Us

Send us a message and we'll get back to you.

Not readable? Change text. captcha txt

Start typing and press Enter to search