A new phishing technique dubbed browser-in-the-browser (BitB) attack allows threat actors to simulate a browser window within a browser, spoofing a legitimate domain and initiating a convincing phishing attack.

A penetration tester and security researcher, known as mrd0x on Twitter, explained how the method takes advantage of third-party single sign-on (SSO) options on websites such as “Sign in with Google” (or Facebook, Apple, or Microsoft).

The default behaviour of sign-in methods such as these is to greet users with a pop-up window in which they complete the authentication process. BitB attacks replicate this process with a mix of HTML and CSS code, presenting users with a fabricated browser window whose address bar shows the legitimate provider's domain.
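One defender-side check follows directly from that description: a genuine SSO pop-up is a separate browser window and leaves nothing in the page's DOM, whereas a fabricated one is an ordinary out-of-flow element whose "address bar" is just visible text. The stdlib-only Python scanner below, added here as an example and not code from the original article or from mrd0x, flags such elements in fetched HTML; it fits a URL sandbox or proxy that retrieves a suspicious page. The `SSO_HOSTS` list, the two constructed sample pages and the `scan_html` name are assumptions for the example.

```python
# Added example: heuristic scanner for browser-in-the-browser (BitB) overlays.
# Defender-side, stdlib only; meant for a sandbox or proxy that fetches a page.
from html.parser import HTMLParser
import re

# Login hostnames a fabricated address bar is likely to display (constructed
# list for the example; extend it to match your own identity providers).
SSO_HOSTS = {
    "accounts.google.com",
    "login.microsoftonline.com",
    "appleid.apple.com",
    "www.facebook.com",
}

# A hostname, optionally preceded by a scheme, as drawn in a fake URL bar.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Inline styles that lift an element out of normal flow, as a fake window must be.
OVERLAY_RE = re.compile(r"position\s*:\s*(?:fixed|absolute)", re.I)
# Elements with no closing tag; never pushed onto the open-element stack.
VOID_TAGS = {"input", "img", "br", "hr", "meta", "link", "source"}


class _BitbWalker(HTMLParser):
    """Tracks open elements so each is judged once its subtree is complete."""

    def __init__(self):
        super().__init__()
        self.stack = []      # open elements: {tag, overlay, credential, text}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # A credential-collecting subtree: an embedded frame or a password field.
        credential = tag == "iframe" or (
            tag == "input" and a.get("type", "").lower() == "password")
        if credential:
            for node in self.stack:
                node["credential"] = True
        if tag in VOID_TAGS:
            return
        self.stack.append({
            "tag": tag,
            "overlay": bool(OVERLAY_RE.search(a.get("style") or "")),
            "credential": credential,
            "text": [],
        })

    def handle_data(self, data):
        # Visible text is attributed to every open ancestor, so an address bar
        # drawn inside the overlay counts against the overlay itself.
        for node in self.stack:
            node["text"].append(data)

    def handle_endtag(self, tag):
        if not any(n["tag"] == tag for n in self.stack):
            return  # stray closing tag; ignore it
        while self.stack:
            node = self.stack.pop()
            self._judge(node)
            if node["tag"] == tag:
                break

    def _judge(self, node):
        # Real browser chrome is never in the DOM. An out-of-flow element that
        # both shows an SSO login hostname as visible text and contains a
        # credential-collecting subtree is the BitB signature.
        if not (node["overlay"] and node["credential"]):
            return
        seen = set()
        for m in HOST_RE.finditer(" ".join(node["text"])):
            host = m.group(1).lower()
            if host in SSO_HOSTS and host not in seen:
                seen.add(host)
                self.findings.append({"element": node["tag"], "spoofed_host": host})


def scan_html(html):
    """Return one finding per overlay element that presents a fake SSO window."""
    walker = _BitbWalker()
    walker.feed(html)
    walker.close()
    for node in reversed(walker.stack):   # elements left unclosed by sloppy HTML
        walker._judge(node)
    return walker.findings


# Constructed samples. A genuine "Sign in with Google" button keeps the provider
# URL in an href attribute, never as on-screen text, and the real pop-up window
# exists outside the DOM entirely.
BENIGN_PAGE = """
<html><body>
  <h1>Welcome</h1>
  <a href="https://accounts.google.com/o/oauth2/auth?client_id=example">Sign in with Google</a>
  <div style="position: fixed; bottom: 0">We use cookies.</div>
</body></html>
"""

# A fabricated window: an out-of-flow <div> drawing its own title bar and
# address bar as text, with a credential form embedded underneath.
FAKE_WINDOW_PAGE = """
<html><body>
  <h1>Welcome</h1>
  <div style="position:fixed; top:120px; left:300px; width:480px">
    <div class="titlebar">Sign in - Google Accounts</div>
    <div class="urlbar">https://accounts.google.com/o/oauth2/auth</div>
    <iframe src="/login-form.html"></iframe>
  </div>
</body></html>
"""

if __name__ == "__main__":
    print(scan_html(BENIGN_PAGE))        # []
    print(scan_html(FAKE_WINDOW_PAGE))   # one finding for accounts.google.com
```

This is a triage signal, not proof: a kit that draws the address bar as an image or on a canvas leaves no matching text, so pair the scan with the user-side check that a real pop-up can be dragged past the edge of the parent browser window while a fabricated one cannot leave the page's viewport.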

The post New attack technique makes phishing near undetectable appeared first on IT Security Guru.

