Browser in the browser. New cyber attack
Cyber-attacks are now part of everyday life, and as technology advances, new methods of appropriating other people’s property keep appearing.
The best known is phishing, one of the oldest cyber-attack techniques. It is a form of identity theft in which cybercriminals impersonate legitimate people or companies and, through a phone call or email, try to obtain, for example, our login credentials and thus reach our credit cards or bank accounts.
In the spring of 2022 a researcher described a new phishing technique he called Browser in the browser (Bitb). With this technique, cybercriminals try to trick users into believing that a fake website is legitimate.
Pop-up windows are increasingly used for logins, and this is when we can be attacked.
In traditional phishing, the website opens an additional tab or redirects us to another page. With Bitb, a fake browser window opens within the same website, which gives us a sense of trust.
How can we identify a Bitb?
As indicated by INCIBE, the following steps must be followed:
— Check that a new window appears in the taskbar. If it does not, we can say that we are looking at a fake window.
— Try to move the pop-up window. If it only moves within the browser window and cannot go beyond it, it is possibly a fake window.
— Check that the padlock symbol is real and not an image: click on it and check that it has the SSL certificate.
— Try to resize the pop-up window. If it does not allow us to do so, we should be suspicious.
— Try to change the content of the address bar. If it does not allow it, we can say that the site we are visiting is not legitimate.
How can we protect ourselves from these cyber attacks?
This type of cyber-attack seems quite complicated to detect, but our computer can help us. To that end, it is advisable to apply security measures, of which we can highlight the following:
— Use a password manager for all our accounts. It stores the credentials and will only fill them in on the website with the legitimate URL where the user registered.
— There are security solutions on the market that include anti-phishing protection and that we can install on our devices, so that if one of them considers a website to be suspicious, we will be alerted.
— Use two-factor authentication whenever possible, as this measure gives us a double layer of security.
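The password-manager measure above works because the manager matches on the tab's real origin, not on anything the page draws. The following is an added example, not part of the original article; the vault entry, the domains and the function names are constructed for illustration.

```javascript
// Added example: the origin check a password manager applies before autofill.
// All names and URLs below are constructed for illustration.

// Saved entries are keyed by the exact origin where the user registered.
const vault = [
  { origin: "https://accounts.example.com", username: "alice" },
];

// Returns the exact origin of a URL, or null if it is unusable for autofill.
function realOrigin(pageUrl) {
  let u;
  try {
    u = new URL(pageUrl);
  } catch {
    return null; // unparseable URL: never autofill
  }
  if (u.protocol !== "https:") return null; // no credentials over plain HTTP
  return u.origin; // scheme + host + port; userinfo and path are dropped
}

// topLevelUrl: the URL the browser itself reports for the tab.
// Text drawn inside the page (a simulated address bar) is deliberately ignored.
function findCredential(topLevelUrl, drawnAddressBarText) {
  void drawnAddressBarText; // page-controlled, so it carries no trust
  const origin = realOrigin(topLevelUrl);
  if (origin === null) return null;
  return vault.find((e) => e.origin === origin) || null;
}

// Constructed cases: [real tab URL, text shown in the simulated window]
const cases = [
  ["https://accounts.example.com/login", ""],                         // genuine site
  ["https://evil.test/promo", "https://accounts.example.com/login"], // Bitb window
  ["https://accounts.example.com.evil.test/login", ""],              // lookalike host
  ["https://accounts.example.com@evil.test/login", ""],              // userinfo trick
  ["http://accounts.example.com/login", ""],                         // no TLS
];

// One boolean per case: true means a credential would be offered.
function runCases() {
  return cases.map(([url, drawn]) => findCredential(url, drawn) !== null);
}

console.log(runCases());
```

Only the first case is offered a credential, so a missing autofill prompt on a login pop-up is itself a sign that the window is not what it claims to be.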
Business Adapter® at your service
If you need to reinforce your current security measures, contact your consultant for documentation and instructions.
If you are not yet a customer and want to comply with the Data Protection Act, let us help you. Contact us by email at info@businessadapter.es, call 96 131 88 04, or leave your message in this form:
Contact us, we will be pleased to help you: https://businessadapter.es/contacto