Cyber Security - Series - Part #7
Browser in the Browser (BitB) Attacks are a kind of phishing attack, first written about in March 2022, where threat actors will attempt to steal your login credentials.
Threat actors create and direct you to a website that gives you the option of using single sign-on (SSO) through a trusted sign-in partner rather than creating an account.
Instead of linking to the actual sign-in partner you select, a false pop-up mimicking a browser window appears, with the intention of capturing your account information. The false pop-up will appear to have the correct URL and can be quite convincing but is a trick of website design.
BitB windows cannot exist outside of their browser window, and so can't be dragged outside of the browser frame. Password managers will also not be fooled by BitB false pop-ups and will not fill in your credentials. Watch for these clues!
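
Why a password manager stays silent in a BitB pop-up, shown as an added example that is not part of the original post: saved logins are matched against the origin the browser actually loaded, never against address text drawn on the page. This is a simplified exact-origin model (real managers differ in their matching rules), and every hostname and function name in it is constructed for illustration.

```javascript
// Added example. Hostnames are constructed (.test is a reserved TLD).

// Reduce a URL to its origin (scheme + host + port); null if unusable.
function originOf(url) {
  try {
    const u = new URL(url);
    if (u.protocol !== "https:") return null; // never offer logins over plain HTTP
    return u.origin;
  } catch {
    return null; // not a parseable URL
  }
}

// savedLogins: [{ origin, username }] as stored in the vault.
// frame.documentUrl: URL the browser really loaded for the document holding the form.
// frame.displayedAddressText: text the page draws to look like an address bar.
function loginsToOffer(savedLogins, frame) {
  const actual = originOf(frame.documentUrl);
  if (actual === null) return [];
  // displayedAddressText is deliberately ignored: it is page content, not browser state.
  return savedLogins.filter((login) => originOf(login.origin) === actual);
}

// True when the page shows address text that disagrees with the real origin.
function addressTextMismatch(frame) {
  if (!frame.displayedAddressText) return false;
  return originOf(frame.displayedAddressText) !== originOf(frame.documentUrl);
}

const vault = [{ origin: "https://accounts.idp.test", username: "alice" }];

// Genuine SSO pop-up: a real window whose document is served by the sign-in partner.
const realPopup = {
  documentUrl: "https://accounts.idp.test/signin?client=shop",
  displayedAddressText: null,
};

// BitB pop-up: markup inside the phishing page, so the document is still that site.
const bitbPopup = {
  documentUrl: "https://shop-login.test/welcome",
  displayedAddressText: "https://accounts.idp.test/signin",
};

console.log("real pop-up offers:", loginsToOffer(vault, realPopup).map((l) => l.username));
console.log("BitB pop-up offers:", loginsToOffer(vault, bitbPopup).map((l) => l.username));
console.log("BitB address text mismatch:", addressTextMismatch(bitbPopup));
```

If a login you have saved for the sign-in partner is not offered in the pop-up, treat that as the clue described above.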