How to protect against BitB
When users receive account-related security alerts or infringement notifications, they should always navigate to the official URL in a separate tab instead of following embedded links or buttons in the email itself.
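The advice above rests on a simple observation: the visible text of a link in a phishing email and its real destination often disagree. The following added example (not code from the article or from BleepingComputer) shows what a mail filter or a cautious user can check automatically before anyone clicks: it parses the anchors in a constructed sample alert email and flags links whose host does not belong to the brand the message claims to be from, whose visible text names a different host than the href, or that use a punycode label. The expected brand domain and the crude two-label approximation of a "registrable domain" (no public-suffix list, so `example.co.uk` would be handled wrongly) are assumptions made for this illustration.

```python
"""Flag links in an account-alert email whose destination does not match the
brand it claims to be from. Added illustration, not code from the article."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: three links, only the first goes where it claims.
SAMPLE_EMAIL = """
<p>Your account has a policy violation. Act within 24 hours.</p>
<a href="https://www.facebook.com/settings">Review your settings</a>
<a href="https://facebook.com.account-verify.example/login">https://www.facebook.com/login</a>
<a href="https://xn--fcebook-q5a.com/appeal">Submit an appeal</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation (assumption: no public-suffix list)."""
    labels = host.lower().split(":")[0].split(".")
    return ".".join(labels[-2:])


def hosts_in_text(text):
    """Hostname-looking tokens in the visible link text, e.g. a pasted URL."""
    hosts = []
    for token in text.split():
        parsed = urlparse(token if "://" in token else "//" + token)
        if parsed.hostname and "." in parsed.hostname.strip("."):
            hosts.append(parsed.hostname)
    return hosts


def check_links(html, expected_domain="facebook.com"):
    """Return one verdict per link: 'ok', 'suspicious' (with reasons) or 'unknown'."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if not host:
            results.append({"href": href, "text": text, "verdict": "unknown", "reasons": ["no host"]})
            continue
        if registrable_domain(host) == expected_domain:
            results.append({"href": href, "text": text, "verdict": "ok", "reasons": []})
            continue
        # Brand name used as a decoy subdomain/label inside a foreign domain.
        if expected_domain in host:
            reasons.append("brand used as decoy label in foreign domain")
        # Visible text names a host that is not where the link actually goes.
        for shown in hosts_in_text(text):
            if registrable_domain(shown) != registrable_domain(host):
                reasons.append(f"text shows {shown} but link goes to {host}")
        # Punycode label: internationalised name that may render as a look-alike.
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode (IDN) host label")
        verdict = "suspicious" if reasons else "unknown"
        results.append({"href": href, "text": text, "verdict": verdict, "reasons": reasons})
    return results


if __name__ == "__main__":
    for r in check_links(SAMPLE_EMAIL):
        print(r["verdict"], r["href"], "; ".join(r["reasons"]))
```

Running the block prints `ok` for the first link and `suspicious` for the other two, with the reason list explaining which mismatch fired. The same logic generalises to any brand by changing `expected_domain`; a production filter would replace `registrable_domain` with a public-suffix-list lookup and add the decoded form of any punycode label so the analyst can see what the user would have seen.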
When prompted to enter credentials in a login pop-up, check whether the window can be dragged outside the browser window. The iframes that the BitB trick depends on are bound to the underlying page and cannot be pulled outside it.
The general recommendation for protecting access to online accounts is to turn on two-factor authentication. Although not infallible, it adds an extra layer of security against account takeover attempts even if credentials have been compromised.
Over the past six months, hackers have increasingly relied on the browser-in-the-browser (BitB) method to trick users into handing over Facebook account credentials.
www.bleepingcomputer.com