Phishing is not a new phenomenon, and many Internet users have learned to be wary of certain messages supposedly sent by their bank, their social security fund or any other organization or company they are likely to know.
The purpose of these messages is to lure you to an exact replica of the site you believe you are visiting. However, it is often enough to look at the URL displayed in your browser to realize that it is not quite as it should be: the extension may be different, or some odd characters may be present.
Fake windows, but with real URLs
But hackers, never short of innovation, have created a new type of attack called “Browser-in-the-browser” (BitB), which makes this kind of scheme a little more sophisticated. Their goal is to replace the login window that normally appears when you try to sign in to a service with another one whose sole purpose is to steal your login and password.
This attack was documented by a security researcher known as mr.d0x. He explains that hackers are taking advantage of the growing capabilities of the languages used to code sites (HTML, CSS and JavaScript). The attacker still has to bring the Internet user to a fake site and encourage them to sign in. The objective is to trigger the display of an extremely well-imitated fake login pop-up window.
What makes the scheme particularly tricky is that when you hover your mouse over the fraudulent window, a perfectly legitimate URL is displayed at the bottom of the browser. You will really have the impression of being in the right place. Once you have entered your login and password, it is too late to go back: your credentials are now in the wrong hands.
To guard against this kind of attack, extreme vigilance is certainly a good method, but it is far from infallible; the easiest way is to equip yourself with protection software worthy of the name, such as Bitdefender Total Security. It already takes this type of threat into account and will not be fooled by this subterfuge.
This article was written in partnership with Bitdefender.