Passwords and other sensitive information can be easily obtained using a variety of phishing methods. A phishing tactic known as the BitB attack has recently been uncovered, and it is so well crafted that most people would fall for it.
This method entails creating a bogus pop-up login window that appears on a web page, built by combining HTML with CSS. Threat actors embed an iframe, pointing to a malicious server that hosts the phishing page, into the fake browser window design, ensuring that the server remains undetectable.
This new phishing technique was discovered by a cybersecurity analyst known as mrd0x.
mrd0x stated, “Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it’s basically indistinguishable. JavaScript can be easily used to make the window appear on a link or button click, on the page loading, etc.”
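A defender-side triage check for the pattern described above, added here as an example (it is not code from mrd0x or from the original article): it scans captured page HTML for an element that displays one hostname as text while embedding a cross-origin iframe from a different host. The function names, the heuristic itself and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Text that looks like an address-bar value, e.g. "https://accounts.example.com/signin".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?![a-z0-9.-])", re.I)

class BitBScanner(HTMLParser):
    """Heuristic: an element shows one host as text but frames a different, cross-origin host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.stack = [{"tag": "#root", "shown": set(), "frames": []}]
        self.findings = []  # (host displayed as text, host the iframe really loads)
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host and host != self.page_host:  # only cross-origin frames matter
                self.stack[-1]["frames"].append(host)
        # Void elements such as <img> get no end tag; they are closed with their parent.
        self.stack.append({"tag": tag, "shown": set(), "frames": []})
    def handle_data(self, data):
        if self.stack[-1]["tag"] not in ("script", "style"):
            self.stack[-1]["shown"].update(h.lower() for h in HOST_IN_TEXT.findall(data))
    def handle_endtag(self, tag):
        if any(n["tag"] == tag for n in self.stack[1:]):
            while self.close_node(self.stack.pop())["tag"] != tag:
                pass
    def close_node(self, node):
        mismatched = [f for f in node["frames"] if f not in node["shown"]]
        if node["shown"] and mismatched:
            # Innermost element holding both a displayed host and a frame from elsewhere.
            self.findings += [(s, f) for s in sorted(node["shown"]) for f in mismatched]
        elif self.stack:  # nothing to report yet: hand both sets to the parent
            self.stack[-1]["shown"] |= node["shown"]
            self.stack[-1]["frames"] += node["frames"]
        return node

def scan(html, page_host):
    parser = BitBScanner(page_host)
    parser.feed(html)
    parser.close()
    while parser.stack:  # unwind elements the markup left open
        parser.close_node(parser.stack.pop())
    return parser.findings

# Constructed sample: a fake "window" with an address-bar label, plus an unrelated video embed.
SAMPLE = """<div class="window"><div class="bar"><span>https://accounts.example.com/signin</span></div>
<iframe src="https://login.phish.test/form"></iframe></div>
<div class="video"><iframe src="https://cdn.example.net/embed/1"></iframe></div>"""
```

Calling `scan(SAMPLE, "shop.example.org")` reports the mismatch between the displayed host and the framed host and leaves the plain video embed alone. Treat a hit as a triage signal only: ordinary pages that mention a domain next to an embed will also match, and an address bar rendered as an image will not.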