V3B Phishing Kit - A New Threat Targeting European Banking Customers - Cyber and Fraud Centre

A dangerous new phishing threat called the V3B phishing kit is specifically targeting European banking customers, according to a recent report by cyber security firm Resecurity. While this phishing kit is currently focused on over 54 financial institutions across multiple European Union countries, it highlights how sophisticated phishing attacks are evolving and that similar threats could emerge elsewhere, including in the UK.

What is Phishing?

Phishing is a type of cyber attack where criminals attempt to trick victims into revealing sensitive information like login credentials, credit card numbers, or bank account details. This is typically done through fraudulent emails, text messages or fake websites impersonating legitimate companies or services.

The V3B Phishing Kit

The V3B phishing kit is being sold on Telegram and dark web forums by a cyber-criminal group. It allows fraudsters to launch advanced phishing campaigns by providing:

Pre-built phishing page templates mimicking banking login portals.
Localisation in multiple European languages like French, German, Finnish
Real-time interaction with victims via live chat
Methods to intercept one-time passwords (OTPs), PINs and 2FA codes.
Techniques to bypass security like QR code login jacking.
Evasion capabilities to bypass anti-phishing detections.

The phishing kit has already attracted over 1,255 threat actors focused on various financial fraud schemes like social engineering, SIM swapping and credit card theft. The criminal group provides the V3B kit through a Phishing-as-a-Service model, charging between $130-$450 per month.

Attack Process

The typical attack process using V3B begins with a phishing email or SMS luring the victim to a fake banking website created with the kit. Once on the page, the fraudster initiates a real-time chat session.

Through social engineering tactics like claiming there are login issues, the victim is tricked into providing their account credentials and any one-time passwords received. The kit also deploys innovative techniques like requesting QR codes that the victim scans to approve logins or intercepting PhotoTAN codes used for German mobile banking.

Once credentials and MFA codes are harvested, the fraudster has everything needed to gain full access to the victim’s bank account and initiate unauthorised transfers or empty the funds.

Prevention tips to protect yourself from phishing scams like the V3B kit:

Be cautious of unsolicited emails or SMS messages claiming to be from your bank, especially those creating a sense of urgency.
Never click on links or attachments from untrusted sources
Verify the legitimacy of websites by checking the URL carefully.
Enable multi-factor authentication on your online accounts.
Use unique passwords for different accounts.
Keep your devices, apps and anti-virus software updated.
Report suspected phishing attempts to your bank immediately.

Although currently focused on the EU, the sophisticated nature of the V3B kit means similar phishing threats could emerge targeting UK banks and customers. Staying vigilant and following cyber security best practices is crucial to avoid falling victim.

If you suspect you’ve been targeted or had your banking details compromised, contact your bank right away and follow their instructions to secure your accounts and limit potential financial losses.

05.06.24

Threat Intelligence Alerts