"Browser-in-the Browser (BITB) – A New Born Phishing Methodology"

Browser-in-the-Browser (BITB) is a novel phishing method that abuses third-party Single Sign-On (SSO) options. These SSO options are embedded on websites and open pop-up windows for authentication via Google, Facebook, Apple, or Microsoft. The BITB attack simulates such a pop-up window in order to spoof a legitimate domain. Spoofing a pop-up login window is dangerous because it undermines the standard practice of checking a site's URL. According to the researcher who demonstrated the technique, this type of attack is difficult to detect because the fake window looks identical to the real window. The fake window has only a few minor differences, which makes it difficult to notice. This article continues to discuss the BITB phishing method and how it differs from traditional phishing techniques.

Security Boulevard reports "Browser-in-the Browser (BITB) – A New Born Phishing Methodology"

Submitted by Anonymous on