Online criminals target banking clients in Europe using V3B phishing kit – with PhotoTAN and SmartID compatibility.

AndyC 5 June 2024

Online criminals target banking clients in Europe using V3B phishing kit – with PhotoTAN and SmartID compatibility.

Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.

Online criminals target banking clients in Europe using V3B phishing kit – with PhotoTAN and SmartID compatibility.

Pierluigi Paganini
June 04, 2024

Resecurity uncovered a cybercriminal group providing a sophisticated phishing kit called V3B, aiming at banking clients in Europe.

Resecurity disclosed a new cybercriminal syndicate offering Phishing-as-a-Service platform that equips scammers with advanced kit called “V3B” to target banking clients in Europe.

“Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with emptied bank accounts. Their Telegram channel has over 1,255 members, a significant indicator of the extent of the malicious activity promoted by the group.” as mentioned in the report published by Resecurity. “The majority of members on this Telegram channel are skilled cybercriminals who specialize in various forms of fraud. These comprise:

  • Social manipulation techniques
  • SIM swapping plans
  • Banking and credit card scams”

The attackers deploy different social manipulation and spoofing strategies to deceive victims into disclosing their confidential data, which aids in real-time interaction to exploit and bypass MFA (Multi-Factor Authentication).

The kit is programmed to intercept confidential information, such as banking logins, credit card details, personal data, and OTP/TAN codes. Apart from conventional tokens (like SMS codes), the kit supports QR Codes and PhotoTAN method (which is broadly used in Germany and Switzerland), suggesting that fraudsters are keeping tabs on the latest MFA/2FA technologies adopted by banks and attempting to exploit potential bypass methods to deceive their clients.

V3B phishing kit is compatible with more than 54 financial institutions (centered in Austria, Belgium, France, Finland, Greece, Germany, Italy, Netherlands, Norway, Poland, Spain), showcasing tailored and localized models to imitate the authentication and verification processes of primary online banking, e-commerce, cryptocurrency providers, and payment systems in Europe.

For detailed technical information about the phishing kit, refer to the report published by Resecurity: https://www.resecurity.com/blog/article/cybercriminals-attack-banking-customers-in-eu-with-v3b-phishing-kit

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, V3B)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , ,

More Stories

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

AndyC 20 December 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

AndyC 20 December 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

AndyC 20 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

AndyC 19 December 2025
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

AndyC 19 December 2025

You may have missed

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
The WAF must die – some interesting thoughts – FireTail Blog

The WAF must die – some interesting thoughts – FireTail Blog

AndyC 20 December 2025
The WAF must die – some interesting thoughts – FireTail Blog

The WAF must die – some interesting thoughts – FireTail Blog

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.