News, Technology

BitB: A New Form of Phishing

Kenton Reynolds

Kenton Reynolds, Writer

A newly discovered cyber-attack, known as ‘Browser in the Browser’, is almost undetectable to the average user.

A Browser in the Browser (BitB) attack is a form of phishing attack that poses new threats to those using the internet. Phishing is a form of social engineering where scammers coerce users into giving away their personal information or installing malware. This is most commonly done in the form of fake emails that usually ask for details or for the user to open an attachment (often a hidden .exe file). These emails are so common that 1 in every 4,200 emails sent are phishing emails; a total of 3.4 billion are sent every day. This accounts for 36% of data breaches and lead to consumers and businesses losing $54 million in the US in 2020.

BitB attacks are slightly more sophisticated than all of those emails piling up in your spam folder. The attack occurs when a user attempts to login to a genuine website and clicks the “login here” button (or the relevant equivalent). A popup then appears – as you would see with many trustworthy sites such as Google or Microsoft – for you to enter your details. This popup is malicious however and overlays the genuine page and, using CSS and HTML, hackers are able to make the fake page appear identical to the real one. Key red flags, such as unusable links and no HTTPS lock symbol, are avoided meaning the things you would normally look out for will not be there. The site then takes in and saves the details that you enter. An example of an attack is available on this site

Avoiding this is not as easy as with other attacks – that’s why it is so dangerous. The usual methods will be effective in helping to protect yourself. Antivirus is key as always: make sure it’s installed, updated and maintained. Robust and effective password managers are good too. More specifically for BitB attacks, using multi-factor authentication is key. This means that there is no need to use passwords to login and if you do give up a password, the hacker will need your authentication to login. In addition, resizing and moving browser windows that have popped up will show whether they are legitimate or not. If you have a BitB window, you will be able to move it to find the original window behind.

Phishing, and other forms of cyberattacks, are constantly evolving and that’s why it is important to keep on top of your cybersecurity. You should always be vigilant on the internet, here are some tips to bear in mind.

Subscribe to the Blog
Join for the latest tech, design and industry news straight to your inbox.

Our UX team designs customer experiences and digital products that your users will love.

Follow Us