When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action.
For example, in September 2019 the EU directive PSD2 went into effect (with some parts delayed until the end of 2020). This new directive requires an increase in security controls used by EU financial institutions.
From a client’s perspective, one of the biggest changes from PSD2 is the use of additional authentication measures like SMS OTPs (one time passwords) for accessing online banking and electronic payments.
Source: Scuri check