A Medium for the Northeast

Morung
Browser In The Browser (BIBT) phishing – What it is and how you can detect it

By Shimray May 20, 2022

There’s a new phishing technique called BIBT, short for Browser In The Browser, which is going viral among developers because of its unique approach. It simulates a browser window within the browser to spoof a legitimate domain.

Contents
  • BIBT phishing in simple words
  • How to detect BIBT phishing

Published by Mr.d0x on his blog, this simple and unique technique can be a very effective tool in a phishing attack. You can learn more about the BIBT attack here.

BIBT phishing in simple words

Put simply, the BIBT technique disguises a fake pop-up window so that it looks like you are authenticating with the real Google, Facebook, Apple, etc., and you end up giving away your login credentials to the hackers.

We often use Google, Microsoft, Apple, Facebook, etc. to authenticate for sign up and log in to other websites.

The example image below shows how we can sign up or log in to Canva using our Apple, Facebook or Google accounts.

[Image: Canva]

One of the ways to detect phishing sites is to check the URL of the site to determine if it’s a legitimate website.

Mrd0x’s BIBT technique can fake the URL shown in pop-up login windows, making it feel like you are logging in to the real website. It does this by replicating the entire window design using basic HTML/CSS and combining that design with an iframe pointing to the malicious server hosting the phishing page.

The image below shows the fake window compared with the real window. Very few people would notice the slight differences between the two.

[Image: BIBT phishing]

You can view this YouTube video to understand how this technique can be used in a phishing attack.

This phishing technique can easily collect your Google, Facebook, Apple login credentials.

Imagine a scenario where you come across a website (a phishing site) that promises free products, etc. You fall for it and are asked to authenticate using your Google, Facebook or Apple ID, so you type in your email and password. The hackers will then be able to get hold of your email and password and misuse them.

How to detect BIBT phishing

There are some ways to tell whether a login window is BIBT phishing. Here’s how you can check.

  • One way of detecting BITB is by attempting to drag the window to the edge of the browser. If the window cannot escape the browser, then it’s not a real window.
  • Another way is to refresh the link on the pop-up window. If it’s not genuine, it will not load or refresh the pop-up link.
  • Another method is to check for auto-login. If you are not logged in automatically even though you are already signed in to Google, Facebook, etc., then it is not genuine.
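
The manual checks above work because the fake window is only HTML/CSS drawn around an iframe. As an added example (not code from the original article or from Mrd0x's repository), the JavaScript below flags that pattern: visible "address bar" text that names a login provider while the iframe inside actually loads from a different host. The provider list, function names and sample data are assumptions made for illustration.

```javascript
// Added example: flags the Browser-In-The-Browser pattern, a drawn "window"
// whose visible address text names a login provider while the iframe inside
// it loads from a different host. IDP_HOSTS is a sample list (assumption).
const IDP_HOSTS = ["accounts.google.com", "www.facebook.com",
                   "appleid.apple.com", "login.microsoftonline.com"];

// Host-like tokens in visible text, e.g. "https://accounts.google.com/o/..."
const HOST_RE = /\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;

function hostOf(url, base) {
  try { return new URL(url, base).hostname.toLowerCase(); }
  catch { return null; }            // unparsable src: treat as unknown
}

// frames: [{ src, chromeText }] where chromeText is the visible text of the
// element drawn around the iframe (title bar, fake address bar).
function findSpoofedLoginFrames(frames, pageUrl) {
  const findings = [];
  for (const { src, chromeText } of frames) {
    const actual = hostOf(src, pageUrl);
    const shown = (chromeText.match(HOST_RE) || []).map(h => h.toLowerCase());
    for (const claimed of shown) {
      if (IDP_HOSTS.includes(claimed) && claimed !== actual) {
        findings.push({ claimed, actual, src });
      }
    }
  }
  return findings;
}

// In a browser extension content script the input can be gathered like this
// (not executed here; a real pop-up is a separate window, not an iframe).
function collectFrames(doc) {
  return [...doc.querySelectorAll("iframe")].map(f => ({
    src: f.getAttribute("src") || "",
    chromeText: f.parentElement ? f.parentElement.innerText || "" : "",
  }));
}

// Constructed sample input: one fake login window, one ordinary embed.
const SAMPLE_FRAMES = [
  { src: "https://login.example.net/signin",
    chromeText: "Sign in - Google Accounts  https://accounts.google.com/o/oauth2/auth" },
  { src: "https://player.example.org/embed/1", chromeText: "Watch the demo" },
];
```

This is a heuristic: it only sees address text present in the page's DOM, so a fake address bar rendered as an image would not be caught, and the drag test above remains the more reliable check.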

Watch the video to understand how you can detect such BIBT phishing.

Be safe from phishing attacks!

Sources and References:

Mrd0x blog post

BIBT Github repo

Infinite Logins YouTube video

Also read about this Facebook phishing technique: Don’t fall for this ‘Fǝœbook security’ phishing
