New Undetectable Phishing Technique – Browser-in-the-Browser

Techniques for stealing confidential banking credentials and data by cybercriminals are becoming increasingly sophisticated. Generally, they tend to use the public’s misinformation about Internet security measures to carry out their attacks and surprise us if we let our guard down. In this article, we will explain BitB, a technique to deceive users and get hold of their data.

Where is the risk in all this?

Cybercriminals create pages that look very similar to the ones mentioned above to try to steal user passwords or access credentials. This technique is known as Browser-in-the-Browser, in which a cybercriminal or phisher simulates a page of an online service to introduce a single login popup window into it, making the user believe that it is a legitimate login window, like the ones we are used to seeing on many legitimate websites and enter your credentials.

What risks does the BITB entail?

Next, we will see some of the most likely risks that we could face if we become a victim of this attack:

• Theft of credentials we have logged in (email, social network, etc.).
• Extortion, for having access to our data from different user accounts.
• Economical charges due to the theft of bank details.
• Loss of account control and identity theft.

How to detect it?

• To check the authenticity of the access form of a certain web page and avoid being a victim of BITB, you can follow the following guidelines. Suspect if:
• A new window does not open on the taskbar for login.
• It does not allow you to modify the size of the popup window.
• You try to change the content of the address bar, and it is impossible.
• The popup window disappears when minimizing the main window. Minimizes the main browser window from which the login form appeared. If this form disappears simultaneously with the one on the home screen, it is a fraudulent window. The actual windows always remain on the screen. Therefore, by reducing or eliminating one, the other should remain in view.

Dragging the popup off the browser border causes it to get stuck and not detach. It tries to drag the main window of the login further from the edge of the main window, that is, away from the main window. A normal window would cross without a problem since it is not part of the other, while a dummy or malicious window would get stuck inside the main window as if it were part of it.

In summary, if the main window with the form has the behaviors indicated above, it is not a legitimate and safe page. Please do not enter your credentials in it in any case!

What happens if I enter my credentials into one of these fraudulent forms? The password and username you provided will be sent directly to the cybercriminal’s server, even if clicking redirects you to the official pages or if nothing happens visually.

How can I protect myself?

• Have a password management program or application for all the passwords you regularly use and thus enhance security. This way, you will only enter your passwords on the web page, previously checking that it is legitimate.
• Verify the login or registration page URL using tools such as URL and file analyzers.
• Configure, whenever possible, two-step authentication, thus ensuring that if someone manages to steal your passwords, they cannot break into your accounts without the unique code you will receive.
• Carefully examine suspicious windows and check for strange behavior, poor image quality, special characters, inconsistent or misspelled text, etc.
• Be wary of sites you have never heard of or that request that you access their services through other external websites.

Ultimately, avoiding these types of attacks largely depends on us, as responsible users, being vigilant and paying attention to the websites we browse to avoid them once we know how they work. We invite you to continue growing and learning with the resources on our website. Remember! Always stay up-to-date!