This browser-in-the-browser (BitB) is a technique for deceiving the user into thinking they are using a legitimate online login screen, such as when you log in to Microsoft 365 or Google Workspace.
This browser-in-the-browser attack is perfect for phishing • The Register
Behold, a password phishing site that can trick even savvy users | Ars Technica
How does this malicious log-in page get to you – via a phishing email, and the best way to defend against such an attack is with training.
The first thing to remember is do not follow a link from an email when logging into any service online – go to the page directly in your web browser.
