Beware of this new fake browser phishing trick

This is an attack on the browser, called a browser attack, called BitB. An anonymous hacker using the alias mr.d0x recently posted a detailed report online about this new phishing technique.

Cheating is especially dangerous if you regularly log into multiple websites with a single account. Many websites offer the option to log in to that website, for example, via a Google, Microsoft or Facebook account. This looks safer and is also easy: you don’t have to create a new account every time. Usually a popup appears where you are logged into a Google Account or Facebook account.

It is these windows that are currently faked. They are barely distinguishable from legitimate login windows. The URL and login page don’t look bad, and you’ll see a lock in your browser’s search bar that you should expect you’re connected to a secure site. But nothing is less true.

How do you avoid being a victim of such a BitB attack? As with many other spam and phishing tricks, logical thinking goes a long way. You can only fall into the trap of a BitB attack if you’ve ever visited a shady website. If you are on a legitimate website, a hacker cannot suddenly present you with a malicious login window.

That’s why it’s important to keep criticizing links you come across online or in your email. This prevents you from entering untrustworthy websites and thus falling into the BitB trap.

There’s also the protection provided by password managers. You may fall into login windows that are almost entirely bogus, but your password manager won’t. You can’t really find a form on the fake login screen. Your password manager cannot enter login information for you. This is a sign that something is not right. That’s why a password vault is an extra layer of protection against the new phishing trick.

Don’t have a password manager yet? In another article, we tested 16 password managers for you and also gave you 7 tips for finding the best password manager.