Between the sheer number and the increasing sophistication of phishing campaigns, seeing should not automatically be believing when browsing online. One particularly sneaky scam is a browser-in-the-browser (BitB) attack, in which threat actors create a fake browser window that looks like a trusted single sign-on (SSO) login page within a real browser session.
Because we use SSO to access many of our online accounts, we may not think twice before entering usernames and passwords on these spoofed pages. Cybercriminals are counting on this to steal user credentials.
Rather than redirecting users to a spoofed website, threat actors running a BitB attack create a fake pop-up within the page you're already on (which may either be set up for the attack or compromised in some way). Using HTML, CSS, and JavaScript, they're able to design a login window that looks exactly like the real one, right down to the lock icon and URL in the pop-up's address bar.
These fake login windows typically appear in a seamless fashion, such as after a click or redirect you're expecting to lead to SSO. Obviously, entering your credentials hands them directly to the attackers, who can either use or sell them.
Fraudulent pop-ups often imitate SSO providers such as Google, Apple, and Microsoft, though they may exploit any login portal. Earlier this year, researchers at Silent Push identified a BitB phishing campaign targeting Steam users, specifically those playing Counter-Strike 2. Gamers saw a fake browser pop-up window displaying the URL of the real Steam portal, making them more likely to enter their credentials without suspicion. The attackers also used the likeness of the eSports team NAVI to lend credibility.
Signs of a BitB scam
Because threat actors are able to so closely imitate trusted sign-on pages, including using the real domain in the address bar, a visual inspection may not be enough to catch the fraud. Instead, you need to interact with the window in some way.
In many cases, a genuine SSO pop-up can be dragged around and away from the browser page it appears on top of, so you can first try to move it elsewhere on your screen. However, some SSO dialogs are static, so if you can't drag it, try to highlight the URL or click the padlock icon to show certificate details. If these elements are fake, you won't be able to interact with them at all because the window itself is just an image.
This is also an excellent reason to use a secure password manager to fill your credentials instead of entering them manually. A password manager will work only on the legitimate domain. If it doesn't autofill, don't automatically override it—check to ensure the pop-up is real.
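One way to turn the two checks above into code, as an added example that is not from the article: a heuristic a browser extension or bookmarklet could apply to the current page, flagging an SSO provider's domain that is painted into the page as ordinary text while the page's real hostname (what the address bar and a password manager actually see) is something else. The provider list, the sample pages and the function names are assumptions.

```javascript
// Added example (not from the article): a BitB indicator check. A real SSO
// pop-up is a separate browser window, so the provider's domain is never part
// of the page's own text. A BitB fake has to paint "https://accounts.google.com/..."
// into the DOM as text, which is exactly what a user can't interact with and
// what a scanner can see.
const SSO_HOSTS = ['accounts.google.com', 'login.microsoftonline.com',
                   'appleid.apple.com', 'steamcommunity.com']; // assumed list

// Reduce HTML to roughly the text a user sees: drop script/style bodies,
// then strip tags. Attribute values such as href are not visible text.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, ' ')
    .replace(/<[^>]+>/g, ' ')
    .replace(/\s+/g, ' ')
    .toLowerCase();
}

// Return SSO hostnames rendered in the page text while the page's real
// hostname is something else. Empty array = no indicator. This is a
// heuristic, not proof: a help article quoting a login URL would trip it.
function findPaintedSsoHosts(html, realHostname) {
  const text = visibleText(html);
  const real = realHostname.toLowerCase();
  return SSO_HOSTS.filter((host) => host !== real && text.includes(host));
}

// Constructed sample: attacker page whose "pop-up" is a styled <div> with a
// drawn padlock and the provider's URL as text. Not a real site.
const FAKE_PAGE = `<html><body>
<div class="fake-window" style="position:fixed;z-index:9999">
  <div class="addressbar">[padlock] https://accounts.google.com/o/oauth2/auth</div>
  <iframe src="/login-form.html"></iframe>
</div></body></html>`;

// Constructed sample: an honest page that merely links to the provider; the
// URL sits in an href attribute, so it is not visible text and is not flagged.
const LINK_PAGE = `<html><body>
<a href="https://accounts.google.com/signin">Sign in with Google</a>
</body></html>`;

console.log(findPaintedSsoHosts(FAKE_PAGE, 'evil-example.test'));  // ['accounts.google.com']
console.log(findPaintedSsoHosts(LINK_PAGE, 'example.com'));         // []
console.log(findPaintedSsoHosts(FAKE_PAGE, 'accounts.google.com')); // [] (real login page)
```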
You should also have a strong form of multi-factor authentication (MFA) enabled wherever possible, so even if your username and password are somehow compromised, attackers won't have the additional factor needed to actually access your account. Note that hackers can still phish some forms of authentication—physical keys along with biometrics and passkeys are the most secure options.
The article on how to spot a browser-in-the-browser phishing attack was published today and is available on Live Hacker (Middle East). The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow updates to this article from its original source.
