

We recently researched a new type of phishing technique that
targets a wide range of user accounts all over the world and gives the attacker
instant access to the victim’s account. According to recent phishing attack reports,
in 37%+ of the accounts targeted by hackers, the attack is based on phishing.
What Is a Phishing Attack
Phishing is a type of cyber attack in which an attacker
attempts to trick a victim into providing sensitive information, such as login
credentials or financial information, through a fake or malicious website.
Phishing attacks are often carried out by sending emails that appear to be from
a legitimate source, such as a financial institution or a trusted online
retailer. The email will typically contain a link to a website that looks
genuine but is actually controlled by the attacker. When the victim enters
their sensitive information on the fake website, the attacker can then use it
to gain access to their accounts or commit fraud.

How To Spot Phishing Sites or Links
You can easily spot a phishing website or a phishing webpage
link and prevent yourself from being hacked by keeping the following points in mind:
- Always check the website link shown in the URL box or bar in the browser.
- Don’t log in to third-party websites with your Google,
Facebook, Instagram, etc. account.
- Always enable two-factor authentication.
What Is a Browser In The Browser Phishing Attack (BITB Attack)
Basically, it’s an advanced version of a normal phishing
attack in which the attacker creates a browser window inside the browser that loads a
fake phishing login or credentials input page. The main difference between
a normal phishing attack and BITB is that the BITB attack loads a
browser window inside the browser, and that window shows a domain that looks like the original
website domain, as shown in the image given below.

As you can see in the above example image, in the BITB
attack a phishing site is loaded in a new popup browser window inside the browser. The popup
appears to show the original URL, but it is actually a fake element.
How To Perform BITB Attack Using Kali
To perform a Browser in the Browser phishing attack on localhost in your Kali, you can use BITB Framework using the following commands:
Now you can see the interface of BITB Framework on your Terminal.
Note: You have to do port forwarding to expose your localhost outside the LAN; otherwise the generated link works only in the browser on your own PC.
How To Spot a BITB Phishing Site
You can easily spot a phishing website and prevent yourself from being hacked by keeping the following points in mind:
- The fake browser window of a BITB phishing site cannot be moved outside of the main browser window.
- Always check the website link shown in the URL box or bar in the browser.
- Don’t log in to third-party websites with your Google, Facebook, Instagram, etc. account.
- Always enable two-factor authentication.
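
The "check the website link" advice from both lists above can be written down as a check. The following is an added example, not code from this article or from any framework it mentions; the trusted host list and the sample URLs are constructed assumptions. The input must be the address from the real browser address bar, because any URL drawn inside the page (such as a BITB popup) is controlled by the phishing site.

```javascript
// Added example: the host list below is a constructed assumption, adjust it to
// the sign-in hosts you actually use.
const TRUSTED_LOGIN_HOSTS = ["accounts.google.com", "www.facebook.com", "www.instagram.com"];

// Classify an address copied from the real address bar of the browser.
function checkLoginUrl(rawUrl, trustedHosts = TRUSTED_LOGIN_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://accounts.google.com@evil.example/" connects to evil.example:
  // everything before "@" is userinfo, not the host.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before the host" };
  }
  // Drop a trailing dot so "host." and "host" compare equal.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // The URL parser turns internationalised labels into punycode (xn--...),
  // which is how homoglyph domains show up here.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (possible homoglyph) host" };
  }
  if (trustedHosts.includes(host)) {
    return { ok: true, reason: "exact trusted host" };
  }
  // A trusted name embedded in a longer host is a lookalike, e.g.
  // accounts.google.com.login.example or accounts-google-com.example.
  const lookalike = trustedHosts.find(
    (t) => host.includes(t) || host.includes(t.replace(/\./g, "-"))
  );
  if (lookalike) {
    return { ok: false, reason: `lookalike of ${lookalike}` };
  }
  return { ok: false, reason: "host not in trusted list" };
}
```
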