Resecurity experts have discovered a new phishing kit, V3B, that targets customers of European banks.
According to the Resecurity report, a group of cybercriminals is selling the V3B phishing kit through Telegram. The campaign was initiated in March 2023 by a member known as VSSRTJE. The kit is priced between $130 and $450 per month.
Currently, over 1255 cybercriminals are using the V3B kit for fraudulent activities such as social engineering, SIM swapping schemes, and banking fraud. The kit targets more than 54 financial institutions within the European Union.
The V3B phishing kit can intercept confidential information such as OTP codes and account data using social engineering tactics. It comprises two components: scenarios and authorization pages for online banking.
The kit uses a customized CMS with templates available in several languages, including Finnish, French, Italian, Polish, and German. V3B mimics the authentication processes of online banking and EU e-commerce systems, offering advanced features such as tokens, bot protection, mobile and desktop interfaces, live chat, and support for OTP/TAN/2FA.
To evade anti-phishing systems and search engines, the V3B phishing kit obfuscates its JavaScript code in multiple ways. It also uses the Telegram API to transmit stolen data to fraudsters in real time, notifying them of successful attacks.
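The Telegram channel described above leaves a recognizable trace in outbound traffic. The following detection sketch is an added example, not taken from the Resecurity report or from the kit: it flags hosts that call the Telegram Bot API in egress-proxy logs. The log format, host names, and bot token are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Telegram Bot API URLs have the form https://api.telegram.org/bot<id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")
SEND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed sample egress-proxy lines: "<timestamp> <source host> <HTTP method> <URL>"
SAMPLE_LOG = """\
2024-06-01T10:00:01Z web-01 POST https://api.telegram.org/bot1234567890:AAExampleConstructedToken_0000000000/sendMessage
2024-06-01T10:00:04Z web-01 POST https://api.telegram.org/bot1234567890:AAExampleConstructedToken_0000000000/sendMessage
2024-06-01T10:00:09Z web-02 GET https://example.org/static/app.js
2024-06-01T10:01:12Z web-03 GET https://api.telegram.org.example.net/bot1:x/sendMessage
2024-06-01T10:02:30Z web-01 GET https://api.telegram.org/bot1234567890:AAExampleConstructedToken_0000000000/getMe
""".splitlines()


def find_bot_api_egress(lines):
    """Return {source host: {"bot_ids": set, "sends": int, "other": int}} for Bot API calls."""
    hits = defaultdict(lambda: {"bot_ids": set(), "sends": 0, "other": 0})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _, source, _, url = parts
        target = urlsplit(url)
        # Exact hostname match, so look-alike hosts such as api.telegram.org.example.net are ignored
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        match = BOT_PATH.match(target.path)
        if not match:
            continue
        bot_id, method = match.groups()
        entry = hits[source]
        entry["bot_ids"].add(bot_id)  # keep only the numeric id; the secret part is not stored
        entry["sends"] += method in SEND_METHODS
        entry["other"] += method not in SEND_METHODS
    return dict(hits)


if __name__ == "__main__":
    for source, info in find_bot_api_egress(SAMPLE_LOG).items():
        print(source, sorted(info["bot_ids"]), "sends:", info["sends"], "other:", info["other"])
```

A web server that has no business reason to reach the Bot API and shows repeated send calls is worth checking for hosted phishing content.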
One notable feature is the QR code generator, which can exploit services like WhatsApp, Discord, and TikTok that rely on QR code entry. By manipulating browser extensions, V3B can trick victims into scanning a code that grants attackers access to their accounts.
Although the authentication technologies used by banks vary, the scammers' support for alternative verification methods, rather than only traditional SMS, poses a challenge for fraud prevention teams and legitimate customers.
To guard against V3B phishing kit attacks, individuals are advised to verify email senders, avoid entering personal information on unknown websites, and use multifactor authentication for enhanced security.