Security Awareness


Over the last 48 hours, cyber criminals have been selling a new phishing kit (V3B) that has been targeting users of 54 major financial institutions in Europe, with the United States likely to be the next target.
A phishing kit is a set of software tools and materials that cybercriminals use to carry out phishing attacks. These kits make it easier for attackers to trick users into disclosing sensitive information by simplifying the process of establishing and administering phishing campaigns. Phishing usually consists of an email that forces the victim to reply quickly and a landing page (often a false login page from a well-known provider such as Office 365 or Google) where sensitive login details are gathered. Cybersecurity experts at Resecurity discovered this new phishing kit that is swiftly gaining popularity among cybercriminals since it cost between $100 and $500 a month, depending on the feature bundle purchased. The developers advertised it on Telegram, and the group swiftly swelled to over 1,250 members.
The introduction of this phishing kit represents a big step forward in phishing-as-a-service (PhaaS) platforms, providing advanced tools to support cybercrime. Phishing kits, such as V3B, can be used not only to get banking credentials and credit card information, but also to assist larger-scale intrusions. Furthermore, it will allow Cyber criminals with a real-time interaction feature, enabling tailored phishing attempts such as acquiring one-time passwords (OTPs) and, increasing the kit's efficiency in evading detection and committing cybercrimes. This ability to avoid detection by anti-phishing methods increases the likelihood of successful phishing assaults and account hacks, which can potentially result in significant financial losses and compromising personal information for financial institutions and account holders.