While reading about the different types of phishing attacks, I recently came across an interesting article by mr.d0x. His article explores a type of attack called Browser in the Browser (BITB). It is a novel phishing attack that exploits the user by simulating a browser window within a browser to spoof a legitimate domain. In simple terms, a pop-up window is used for spoofing.
For anyone who wants to browse safely, the first habit they are taught is to check whether the website URL begins with HTTPS (and shows the padlock). This indicates that the connection to the site is encrypted with TLS (formerly SSL). It says nothing about who operates the domain: a phishing site can obtain a certificate just as easily as a legitimate one.
As technology develops, so do the attacks. Checking the URL bar has not been a reliable defence for quite some time because of homograph attacks (look-alike characters in internationalised domain names), DNS hijacking and similar techniques. BITB adds one more attack to that list: it forges the URL bar itself.
BITB
BITB abuses the third-party single sign-on (SSO) options embedded in many websites, for example "Sign in with Facebook, Apple, Google or Microsoft", which open a small pop-up window for authentication. Because these SSO pop-ups are so widely used, users are accustomed to seeing a compact browser window showing the identity provider's URL and entering their credentials into it. BITB reproduces exactly that picture inside the phishing page: what looks like a separate browser window is just HTML drawn by the attacker, and the address bar it shows is text chosen by the attacker, not the real URL of the content being displayed.
Fabricating a pop-up is easy
According to the researcher, mr.d0x, creating a malicious pop-up window is very simple using basic HTML and CSS. The attack is hard to detect because the fake window looks identical to the genuine one: the title bar, the padlock, the URL and the window controls are all reproduced as page elements, while the login form underneath is loaded from the attacker's own server. The following image, taken from the mr.d0x blog, shows a side-by-side comparison of the original and the fake windows.
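The structural difference that survives the visual disguise is that a BITB page has to draw its address bar as ordinary markup, whereas a genuine pop-up is a separate window and leaves no address bar in the page DOM at all. The script below, an added example that is not from the mr.d0x post and is not his template, turns that observation into a heuristic check over a captured page's HTML: it collects every host that is displayed as URL-bar-style text and every host the page actually references via src, href or action, and reports displayed hosts that are never really loaded. The two sample pages and the hostname login.example-attacker.test are constructed for the example.

```javascript
// Heuristic BITB detector for captured HTML (added example, runs under Node.js).
// A fake "window" must show its spoofed URL as visible text, while the content it
// really loads (iframe src, form action) lives on the attacker's origin. A
// legitimate link shows the same host it points to, so it is not flagged.

// Attribute URLs: where the page actually sends the browser.
const ATTR_URL_RE = /\b(?:src|href|action)\s*=\s*["']([^"']+)["']/gi;
// Visible text that looks like a URL or bare hostname. The scheme is optional
// because modern browsers hide "https://" in the address bar, so a convincing
// fake bar may show just "accounts.google.com".
const TEXT_URL_RE = /(?:https?:\/\/)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:\/[^\s<"']*)?/gi;

// Normalise a candidate to a lower-case hostname, or null if it is not an
// absolute http(s) URL. allowBare=true treats a scheme-less string as a host
// (visible text); allowBare=false treats it as a relative path and skips it.
function hostOf(candidate, allowBare) {
  let s = candidate.trim();
  if (s.startsWith('//')) {
    s = 'https:' + s; // protocol-relative reference
  } else if (!/^[a-z][a-z0-9+.-]*:/i.test(s)) {
    if (!allowBare) return null; // relative path: same origin as the page, not informative
    s = 'https://' + s;
  }
  try {
    const u = new URL(s);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null; // mailto:, javascript:, data:
    return u.hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Hosts the page really references in src/href/action attributes.
function referencedHosts(html) {
  const hosts = new Set();
  for (const m of html.matchAll(ATTR_URL_RE)) {
    const h = hostOf(m[1], false);
    if (h) hosts.add(h);
  }
  return hosts;
}

// Hosts the page merely displays as text (tags, and so all attributes, removed).
function displayedHosts(html) {
  const text = html.replace(/<[^>]*>/g, ' ');
  const hosts = new Set();
  for (const m of text.matchAll(TEXT_URL_RE)) {
    const h = hostOf(m[0], true);
    if (h) hosts.add(h);
  }
  return hosts;
}

// Displayed hosts that are never actually loaded: spoofing candidates.
function findSpoofedHosts(html) {
  const referenced = referencedHosts(html);
  return [...displayedHosts(html)].filter((h) => !referenced.has(h)).sort();
}

// Constructed sample 1: a legitimate page whose visible URL matches its target.
const LEGIT_SAMPLE = `
<p>Continue with <a href="https://accounts.google.com/signin">https://accounts.google.com/signin</a></p>
<form action="https://accounts.google.com/signin/v2"><input name="identifier"></form>`;

// Constructed sample 2: a BITB-style fake window. The "address bar" is a div
// showing the identity provider's URL, but the login content is an iframe from
// the attacker's (constructed) host.
const BITB_SAMPLE = `
<div class="fake-window">
  <div class="titlebar">Sign in - Google Accounts</div>
  <div class="urlbar">&#128274; https://accounts.google.com/o/oauth2/auth?client_id=constructed</div>
  <iframe src="https://login.example-attacker.test/google.html"></iframe>
</div>`;

for (const [name, html] of [['legit', LEGIT_SAMPLE], ['bitb', BITB_SAMPLE]]) {
  console.log(name, findSpoofedHosts(html));
}
```

For the legitimate sample the script reports nothing; for the BITB sample it reports accounts.google.com, the host that is shown but never loaded. It is a heuristic: text that happens to mention a domain will be flagged, and an attacker can omit the URL text altogether, so treat a hit as a reason to look closer rather than as proof. The simplest manual check remains the one that follows from the same structural fact: a real SSO pop-up is an operating-system window and can be dragged partly outside the parent browser window, whereas a BITB window is a page element and is clipped at the edge of the page.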