Sharp rise in advanced phishing attacks targeting "Facebook" users: here is how to protect your account

The “Facebook” platform is witnessing a notable increase in sophisticated phishing attacks that rely on the “browser-in-the-browser” (BitB) technique to steal login information on a large scale.

How the technique works:

These attacks rely on rendering a fake login window inside the victim’s real browser window. The fake window closely resembles the genuine “Facebook” login pop-up and even shows what appears to be the full URL of the legitimate site, which makes it very difficult to spot.

How is the attack carried out?

1- The attack usually begins with a fraudulent email disguised as a “legal notice” from a fake law firm.

2- This message contains shortened links whose purpose is to direct the victim to fake captcha pages that claim to belong to “Facebook.”

3- After the victim passes the fake captcha test, the fake login page is displayed to collect user data.

Advanced camouflage methods:

1- Attackers rely on trusted cloud platforms, such as Netlify and Vercel, to host their phishing pages.

2- They use popular link shortening services, such as Lnk.ink and rebrand.ly, to evade security filters.

3- They design pages that first request personal information (name, email, phone number) before requesting the password, in order to further convince the victim.
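The attack chain and camouflage methods above combine three observable traits in a single message: a link shortener, a phishing page hosted on a trusted static-hosting platform, and a hostname or path that borrows the “Facebook” brand without belonging to Facebook. The following triage script is an added example (not from the original article or any vendor) that flags those traits in the URLs of an e-mail; the sample e-mail is constructed, and the `netlify.app` / `vercel.app` suffixes are assumed to be where those platforms serve user sites.

```python
from urllib.parse import urlparse

# Indicators taken from the campaign described above. The hosting suffixes
# are an assumption about where Netlify and Vercel publish user sites.
SHORTENERS = {"lnk.ink", "rebrand.ly"}
FREE_HOSTING = {"netlify.app", "vercel.app"}
LEGIT_FACEBOOK = {"facebook.com", "fb.com", "messenger.com"}


def _registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); sufficient for the domains used here."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage_url(url: str) -> list:
    """Return the indicators that make this URL worth blocking or reviewing."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    base = _registrable(host)
    findings = []
    if base in SHORTENERS:
        findings.append("link-shortener")
    if base in FREE_HOSTING:
        findings.append("free-static-hosting")
    # Brand in hostname or path, but the registrable domain is not Facebook's.
    brand_used = "facebook" in host or "facebook" in parsed.path.lower()
    if brand_used and base not in LEGIT_FACEBOOK:
        findings.append("facebook-lookalike")
    return findings


def triage_message(body: str) -> dict:
    """Map every http(s) URL in a message body to its list of indicators."""
    urls = [tok.strip(".,;)") for tok in body.split()
            if tok.startswith(("http://", "https://"))]
    return {u: triage_url(u) for u in urls}


# Constructed sample resembling the "legal notice" lure described above.
SAMPLE_EMAIL = """Legal notice regarding your account.
Review the complaint here: https://lnk.ink/abc123 within 48 hours.
Verification portal: https://facebook-legal-review.netlify.app/captcha
Official help page: https://www.facebook.com/help
"""

if __name__ == "__main__":
    for url, hits in triage_message(SAMPLE_EMAIL).items():
        print(f"{url}: {', '.join(hits) or 'no indicators'}")
```

Any URL with two or more indicators, or a lookalike on free hosting, is a strong candidate for quarantine; a genuine facebook.com link yields no findings.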

Basic tips to protect yourself:

Always verify the correctness of the URL that appears in the address bar before entering any personal information or sensitive data.

Never enter your credentials via unexpected or suspicious pop-up windows.

Activate two-factor authentication (2FA) on your account, as it provides strong additional protection even if your password is stolen.

Organizations must periodically educate their employees and implement advanced security solutions to detect and filter malicious emails.