Over the past six months, hackers have increasingly used a clever trick to steal Facebook login details by fooling users with fake browser windows.

This method is known as browser in the browser, often shortened to BitB, and security experts say it is becoming one of the most dangerous phishing techniques in use today.

The BitB method was first created in 2022 by a security researcher called mr.d0x. Soon after, cybercriminals adopted the idea and began using it in real-world attacks against popular online platforms such as Facebook and Steam. Since then, the technique has spread quickly because it is very effective and difficult for users to recognize.

Researchers from cybersecurity firm Trellix say stolen Facebook accounts are often used to spread scams, steal personal information, or commit identity fraud. With more than three billion people using Facebook worldwide, the platform remains one of the most valuable targets for attackers.

In a typical BitB attack, a user visits a malicious website controlled by hackers. The page then displays what looks like a normal browser pop-up asking the user to log in to Facebook. While it looks real, the window is actually fake and is built into the webpage itself using a hidden frame. The attackers designed this fake window to closely match Facebook’s real login page, including the page title and web address, making it very hard to spot the scam.

Trellix reports that many recent attacks pretend to come from law firms, accusing users of copyright violations. Other messages claim that a Facebook account is about to be suspended or warn of suspicious login activity. These messages are meant to scare users and pressure them into acting quickly.


To make the scams seem more trustworthy, hackers often use shortened links and fake security checks that look like Meta CAPTCHA pages. Once users pass these steps, they are asked to enter their Facebook username and password into the fake login window. As soon as the details are entered, the information is sent straight to the attackers.

In addition to fake login pop-ups, researchers have found many phishing pages hosted on well-known cloud services such as Netlify and Vercel. These pages copy the look of Meta’s Privacy Center and redirect users to fake appeal forms that ask for personal information. Because these pages are hosted on trusted platforms, they are less likely to be blocked and may appear safe to unsuspecting users.

Security experts say these campaigns show a clear change from older Facebook phishing attempts. Instead of obvious fake websites, attackers now rely on trusted infrastructure and advanced tricks to make their scams look legitimate. The use of fake browser windows is especially dangerous because it copies login experiences that users are already familiar with.

According to Trellix, BitB attacks are extremely hard to detect just by looking at the screen. The fake login window is part of the webpage, not a real browser window, which makes visual checks unreliable for most people.
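Because the fake window lives in the page's own markup, it can be checked programmatically where a visual check fails. The scanner below is an added illustration, not code from the article or from Trellix; it flags two BitB indicators in page HTML: a Facebook URL drawn as visible text (a fake address bar) while the real page is on another host, and a login form loaded into an iframe from a non-Facebook origin. The hostnames and the two sample HTML snippets are constructed for the demo.

```javascript
// Heuristic scanner for BitB-style fake login windows (added example).
// It works on page HTML as a string so it runs offline; in a browser
// extension the same checks would run over document.body.innerHTML
// with location.hostname as pageHost.

// Hosts whose login dialogs attackers imitate (constructed list).
const PROTECTED_HOSTS = ["facebook.com", "www.facebook.com"];

// Keep only rendered text: strip tags (and therefore attributes such as href).
function visibleText(html) {
  return html.replace(/<[^>]*>/g, "\n");
}

// Hostname of an absolute URL, or null for relative/invalid input.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// Returns a list of indicator strings; an empty list means nothing suspicious.
function findBitbIndicators(html, pageHost) {
  const indicators = [];

  // (1) A protected host's URL shown as page text, not as a link or the real
  //     address bar, while the page itself is served from a different host.
  for (const m of visibleText(html).matchAll(/https?:\/\/[^\s"'<>]+/g)) {
    const h = hostOf(m[0]);
    if (h && PROTECTED_HOSTS.includes(h) && h !== pageHost) {
      indicators.push(`fake address bar text: ${m[0]}`);
    }
  }

  // (2) An <iframe> loading a login-looking path from an origin that is not
  //     the protected host; a relative src inherits the page's own host.
  for (const m of html.matchAll(/<iframe\b[^>]*\bsrc=["']([^"']+)["']/gi)) {
    const src = m[1];
    const h = hostOf(src) || pageHost;
    if (/login|signin/i.test(src) && !PROTECTED_HOSTS.includes(h)) {
      indicators.push(`login iframe served from ${h}: ${src}`);
    }
  }
  return indicators;
}

// Constructed samples: a BitB-style page on an attacker host, and a benign
// page on facebook.com that merely links to the login page.
const SAMPLE_BITB_HTML = `
<div class="fake-titlebar">Log in to Facebook</div>
<div class="fake-addressbar">https://www.facebook.com/login.php</div>
<iframe src="/forms/login.html"></iframe>`;
const SAMPLE_BENIGN_HTML = `
<a href="https://www.facebook.com/login.php">Log in</a>
<iframe src="https://www.facebook.com/plugins/like.php"></iframe>`;

console.log(findBitbIndicators(SAMPLE_BITB_HTML, "example-attacker.test"));
```

The first check also fires on a legitimate page that prints a Facebook URL as plain text, so treat hits as a prompt to verify the real address bar, not as proof of phishing.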

To reduce the risk of falling victim to these attacks, users should avoid clicking on links in emails or messages that claim there is a problem with their account. If a security alert or warning appears, it is safer to open a new browser tab and visit Facebook’s official website directly.


Another simple check is to try moving the login window outside the browser. A real browser window can be dragged freely, but a fake one created with this technique will stay locked inside the page.


Experts also strongly recommend enabling two-factor authentication on Facebook and other online accounts. While it cannot stop every attack, it adds an extra layer of protection and can prevent hackers from taking full control of an account even if login details are stolen.
