Warning as Portsmouth online banking users subject to Trojan cyber attack

MORE than 1,800 attacks on online banking have been launched in the county, police said.

Friday, 4th August 2017, 1:02 pm
Updated Tuesday, 12th September 2017, 12:05 pm
Police are warning about cyber attacks

The banking Trojan cyber attacks affected Charles Dickens and Nelson wards in Portsmouth, along with some areaas in Southampton.

Lucy Dibdin, from Cyber Protect in Hampshire police, said: 'Members of the public and business owners are urged to take extra measures to safeguard their online banking systems after more than 1800 "Banking Trojan" attacks were detected in Hampshire in recent months.

'The most densely affected areas are Bargate, Southampton, Charles Dickens and Nelson in Portsmouth, and the Sholing and Bitterne areas of Southampton.

Sign up to our daily newsletter

The i newsletter cut through the noise

'Whilst it is not possible for us to identify each of the users of the IP addresses affected, we urge anyone who does their banking online to take some simple steps to help safeguard their security.

'Banking Trojans are malicious software (malware) specifically designed to break into an online bank account and transfer money to other accounts controlled by criminals.'

How banking Trojans work

After a banking Trojan infects a web browser – through an infected link or attachment or other means - it will lie dormant, waiting for the computer's user to visit his or her online banking website.

Once that happens, the Trojan silently steals the bank account username and password and sends it to a computer controlled by cyber criminals, sometimes halfway around the world.

The criminals then log into the account and transfer available funds to other accounts at the same bank. But those accounts are registered to "money mules” and within days, or even hours, the money mules withdraw cash from the accounts and wire it overseas via a transfer service.

Many banking Trojans go a step further. They perform what's called a "man-in-the-middle" attack, getting in between the user and the bank and subtly changing what the user's browser displays so that it appears as if a user's transactions are proceeding normally, even while the password and money theft is taking place.

Some of the more advanced banking Trojans don't even need money mules. They can make international transfers directly from a UK bank to one overseas.

Banking Trojans can also display fake warning pages that ask a user to re-enter his login and personal information, conceal the theft of large amounts of money from an account, send real-time transaction information to a cyber criminal instead of to the intended recipient or give users a fake logout page that actually keeps them signed into their accounts.