Threat Alert
Browser-in-the-Browser Phishing
Summary
Browser-in-the-Browser phishing takes advantage of your familiarity with the single sign-on (SSO) process.
SSO options allow you to sign into a site using a big-name credential such as Google, Facebook, Apple, or Microsoft. You click a button to sign on using one of these options, then a window opens where you can log in using your big-name password. SSO is gaining in popularity, often being used to verify your identity for everything from comments on news stories to chats on blogs.
Browser-in-the-Browser phishing mimics the second pop-up window with embedded code. Its goal is to harvest your big-name credentials. Attacks using Browser-in-the-Browser methods may contain a lock symbol, official-looking logos, and even a fake URL box to convince you it is legitimate. It is important to note that in these attacks you can move the window around within the initial window but cannot move it outside the window.
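The fake URL box is ordinary page text, so it can be checked for. The following is an added example, not taken from the original alert or the post it links to: a heuristic that flags a page which asks for a password while displaying a big-name sign-in host that differs from the page's real host. The host list, function names, and sample page are assumptions constructed for illustration.

```javascript
// Added example: heuristic for a page that draws its own "sign-in window".
// Assumption: this host list is illustrative, not exhaustive.
const SSO_HOSTS = [
  'accounts.google.com', 'www.facebook.com', 'appleid.apple.com',
  'login.microsoftonline.com', 'login.live.com',
];

// Return the text a user would see: scripts and styles dropped, tags removed.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1>/gi, ' ')
    .replace(/<[^>]+>/g, '');
}

// Report SSO hosts that appear as on-page text while the page itself is
// served from a different host and also contains a password field.
// A real SSO pop-up is a separate browser window with its own address bar,
// so its host never needs to be written into the opening page's content.
function findFakeAddressBars(pageUrl, html) {
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  const asksForPassword = /<input\b[^>]*\btype\s*=\s*["']?password/i.test(html);
  if (!asksForPassword) return [];
  const text = visibleText(html).toLowerCase();
  return SSO_HOSTS.filter((host) => host !== pageHost && text.includes(host));
}

// Constructed sample: a page that paints a URL bar as plain text above a form.
const SAMPLE_PAGE = `
<div class="window">
  <div class="bar"><span>https://accounts.google.com/signin</span></div>
  <form><input type="email"><input type="password"></form>
</div>`;

// Constructed sample: an article that merely mentions the host, no password field.
const SAMPLE_ARTICLE = '<p>Sign-in happens at accounts.google.com.</p>';

console.log(findFakeAddressBars('https://news.example/login', SAMPLE_PAGE));
console.log(findFakeAddressBars('https://news.example/story', SAMPLE_ARTICLE));
```

A match is a reason to look closer, not proof of phishing, since a legitimate page can mention these hosts in its text.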
Takeaways
- Keep an eye out for logo differences, legitimate URLs, and security icons. Just because they can be spoofed in Browser-in-the-Browser attacks does not mean standard red flags are not worth noting.
- If you want to use SSO, try moving the pop-up window outside the boundary of the original window. If the pop-up window disappears along the edges, it may be Browser-in-the-Browser phishing.
- Use extra caution any time you log in to an unfamiliar site—even if using a familiar method like SSO. For there to be a faked Browser-in-the-Browser pop-up, you must have landed on an insecure site. Either the company is a sham or (perhaps more likely) the site is a spoofed copy of the real thing.
For more details, go to the original post at The Hacker News.
ABOUT FRONTLINE TECHNOLOGY LLC
Frontline Technology is one of the only ministry-focused IT companies that is led by pastors and ministry leaders. With over 20 years' experience serving organizations of all sizes, Frontline understands the unique needs, budgets, and technology challenges of nonprofits.
Technology is often perceived as complicated and expensive. Many nonprofits struggle to implement the technology solutions and security needed to drive their mission forward. Frontline Technology helps nonprofits overcome their technology challenges so they can stay focused on their mission.
For nonprofits of every type and size: We Keep IT Simple