New Facebook Phishing Scam Uses Fake Pop‑Ups So Real Even Experts Get Fooled

Phishing scammers are getting really good at obtaining your personal information via a sophisticated method called Browser-in-Browser (BitB). To wit, a surge of Facebook BitB attacks are hitting unwitting users, but here's how to detect and avoid becoming a victim.

Gone are the days of clumsy, misspelled emails and dialog boxes as methods like BitB exploit the visual cues we have been taught to trust. By using malicious JavaScript tricks, attackers can now simulate an entire browser window within an active tab. This fake window includes a perfectly replicated address bar, fake SSL padlock, and even the correct Facebook URL. To the average or even savvy user, it looks exactly like a legitimate Single Sign-On (SSO) login pop-up to your Facebook account.

Security researchers at Trellix say all of this starts with a security alert email that prey on a user's fear. These urgent notifications—which could appear ...