News, Technology

BitB: A New Form of Phishing

Kenton Reynolds

Kenton Reynolds, Writer
@uxconnections

A newly discovered cyber-attack, known as ‘Browser in the Browser’, is almost undetectable to the average user.

A Browser in the Browser (BitB) attack is a form of phishing attack that poses new threats to those using the internet. Phishing is a form of social engineering where scammers coerce users into giving away their personal information or installing malware. This is most commonly done in the form of fake emails that usually ask for details or for the user to open an attachment (often a hidden .exe file). These emails are so common that 1 in every 4,200 emails sent are phishing emails; a total of 3.4 billion are sent every day. This accounts for 36% of data breaches and lead to consumers and businesses losing $54 million in the US in 2020.

BitB attacks are slightly more sophisticated than all of those emails piling up in your spam folder. The attack occurs when a user attempts to login to a genuine website and clicks the “login here” button (or the relevant equivalent). A popup then appears – as you would see with many trustworthy sites such as Google or Microsoft – for you to enter your details. This popup is malicious however and overlays the genuine page and, using CSS and HTML, hackers are able to make the fake page appear identical to the real one. Key red flags, such as unusable links and no HTTPS lock symbol, are avoided meaning the things you would normally look out for will not be there. The site then takes in and saves the details that you enter. An example of an attack is available on this site

Avoiding this is not as easy as with other attacks – that’s why it is so dangerous. The usual methods will be effective in helping to protect yourself. Antivirus is key as always: make sure it’s installed, updated and maintained. Robust and effective password managers are good too. More specifically for BitB attacks, using multi-factor authentication is key. This means that there is no need to use passwords to login and if you do give up a password, the hacker will need your authentication to login. In addition, resizing and moving browser windows that have popped up will show whether they are legitimate or not. If you have a BitB window, you will be able to move it to find the original window behind.

Phishing, and other forms of cyberattacks, are constantly evolving and that’s why it is important to keep on top of your cybersecurity. You should always be vigilant on the internet, here are some tips to bear in mind.

News, Technology

Subscribe to the Blog
Join for the latest tech, design and industry news straight to your inbox.

SUBSCRIBE

Our UX team designs customer experiences and digital products that your users will love.

FIND OUT MORE

Follow Us

Related articles

Beyond Entertainment: Virtual Reality in Personnel Assessment
Mind Over Machine: UTS Researchers Create Mind-Controlled Devices
EchoSpeech: The Cutting-Edge AI Solution for Silent Speech Recognition
Innovating for Success: Britain’s Ambitious Plan for AI Growth
Consultant Profile: Sophie Curzon
Bridging the Digital Divide: Advancing Access and Equity for Older Adults
A Robot Companion for Inclusive Learning
Recipe for a Cozy Game
The Hydrogen-Powered Train
SpaceX Starship’s Wet Dress Rehearsal
Apple Announce Entry to AR and VR Market
Three Female Leaders in Tech Australia
Three Female Leaders Changing the Australian Tech Industry
Three Female Leaders in Tech US
Three Female Leaders Changing the US Tech Industry
3 Female Leader in Tech UK
Three Female Leaders Changing the UK Tech Industry
Women in Tech Charities
Women in Tech: Charities We’re Supporting
Gravity Batteries: Making Renewable Energy Viable

Leave a Reply

Your email address will not be published. Required fields are marked *