Scam Watch

How can you recognize EBA — real-time PSD2 MitM attack capturing strong customer authentication?

How it works

Reverse proxy phishing kits (EvilProxy, Tycoon) intercept the PSD2 Strong Customer Authentication flow live: the victim enters credentials on the phishing site, the proxy forwards them to the real bank, intercepts the SMS/push OTP, and the...

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. Never approve an unexpected push TAN.

FAQ

Is EBA — real-time PSD2 MitM attack capturing strong customer authentication a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

Never approve an unexpected push TAN.
