Browser-in-the-browser attack: a new phishing technique

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
544
3,920
1,369
Australia
Content source
https://www.kaspersky.com/blog/browser-in-the-browser-attack/44163/
  • Like
  • Wow
  • +Reputation
Reactions: Andy Ful, Moonhorse, SeriousHoax and 9 others
MuzzMelbourne said:
www.kaspersky.com

What is a browser-in-the-browser (BitB) attack?

What a “browser-in-the-browser” attack is, and how to prevent a phishing site that uses it from stealing your password.
www.kaspersky.com www.kaspersky.com
Click to expand...
This actually seems pretty concerning. Most phishing is pretty obvious. This is much less so. Even fairly cautious people could be deceived. But since the fake Browser in the Browser is still at the phishing site password managers shouldn't feed the password automatically which is good.
 
  • Like
  • Applause
Reactions: MuzzMelbourne, Kongo, Moonhorse and 4 others
blackice said:
This actually seems pretty concerning. Most phishing is pretty obvious. This is much less so. Even fairly cautious people could be deceived. But since the fake Browser in the Browser is still at the phishing site password managers shouldn't feed the password automatically which is good.
Click to expand...
I wonder if features like HTTPS scanning provided by some products will make it easier to identify these.
 
  • Like
Reactions: Azure, MuzzMelbourne, ErzCrz and 1 other person
This is why I don’t use password managers or auto-fill functions. Login details are only stored in my necktop computer…
 
MuzzMelbourne said:
This is why I don’t use password managers or auto-fill functions. Login details are only stored in my necktop computer…
Click to expand...
I think the autofill function wouldn't work in this case, since the page is actually just the phishing url spoofing a page.
 
  • Like
Reactions: Azure
You must log in or register to reply here.

You may also like...