Cybercriminals are increasingly deploying a sophisticated phishing technique to steal Facebook users’ login credentials, according to a recent warning issued by the cyber security firm Trellix. The company reports a sharp rise over the past six months in attacks using a method known as “Browser-in-Browser” (BiB), a tactic that is proving far more deceptive and dangerous than traditional phishing schemes.
Trellix researchers explain that in a Browser-in-Browser attack, users are lured to websites fully controlled by cybercriminals. Once on such a site, a convincing pop-up window appears, prompting the user to log in to Facebook. At first glance, this pop-up looks identical to a genuine browser login window. In reality, however, no separate browser window is ever opened: the "window" is a fake interface built from an iframe embedded in the attacker's page and styled to mimic the appearance of an authentic Facebook login page.
What makes this technique particularly effective is the level of visual accuracy. The fake pop-up displays familiar Facebook branding, a realistic page title and a web address that closely resembles the legitimate Facebook login URL. That address is drawn inside the fake window rather than shown in the browser's real address bar, so it can say whatever the attacker chooses. As a result, even cautious users may fail to recognise the deception. When victims enter their Facebook username and password into the fake window, the information is immediately transmitted to the attackers, granting them unauthorised access to the account.
Cyber security specialists also warn that large numbers of conventional phishing pages are being used alongside BiB attacks. These pages are often designed to resemble official Meta platforms and typically accuse users of copyright infringement or claim that their Facebook accounts will be temporarily suspended. Under the pressure of such threats, users are urged to “verify” or “update” their account details, a step that ultimately exposes their login credentials.
According to Trellix's report, these newer phishing campaigns are significantly more complex than earlier Facebook scams. Attackers are abusing legitimate cloud hosting services and URL-shortening services to disguise malicious links and evade standard security filters. This allows phishing pages to remain active for longer periods, increasing the number of potential victims.
Experts advise users to remain vigilant when receiving security alerts or policy violation notices related to their social media accounts. Instead of clicking on links embedded in emails or messages, users should open a separate browser tab and manually navigate to Facebook’s official website to check their account status. Enabling multi-factor authentication (MFA) is also strongly recommended, as it adds an extra layer of protection even if login details are compromised. Regular password changes and scepticism towards unexpected login prompts can further reduce the risk.
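The advice above comes down to one rule: judge a link by where it actually goes, not by the text printed next to it or the address rendered inside a pop-up. The following is an added example, not code from the Trellix report or from Meta, that applies that rule to the two tells the article describes: a lookalike address that merely contains the word "facebook", and a shortened link whose destination is hidden. The allowlist of official login hosts, the shortener list and every sample link are constructed for illustration; a real deployment would maintain the host lists from authoritative sources.

```javascript
// Added example, not code from the Trellix report: triage a link that claims to
// lead to Facebook before it is opened. Only the parsed hostname counts as the
// destination; text that merely looks like an address (including a rendered
// "address bar" inside a pop-up drawn by the page) is content the attacker controls.

// Assumption: illustrative allowlist of hosts that genuinely serve Facebook login.
const OFFICIAL_HOSTS = new Set(["facebook.com", "www.facebook.com", "m.facebook.com"]);

// A few widely used URL shorteners. The report notes attackers use shortening to
// hide destinations, so a shortened link cannot be judged until it is expanded.
const SHORTENER_HOSTS = new Set(["bit.ly", "t.co", "tinyurl.com", "is.gd"]);

/**
 * Classify one link. Returns { verdict, host, reason }.
 * Verdicts: official | insecure | shortener | lookalike | unrelated | invalid
 */
function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "invalid", host: null, reason: "not a parseable absolute URL" };
  }
  const host = url.hostname.toLowerCase();

  if (OFFICIAL_HOSTS.has(host)) {
    if (url.protocol !== "https:") {
      return { verdict: "insecure", host, reason: "official host but not served over HTTPS" };
    }
    return { verdict: "official", host, reason: "hostname is an official Facebook login host" };
  }

  if (SHORTENER_HOSTS.has(host)) {
    return { verdict: "shortener", host, reason: "destination hidden behind a URL shortener; expand before judging" };
  }

  // The brand name appearing anywhere outside the real hostname (a parent-domain
  // prefix, the userinfo part before '@', the path or the query) is the classic
  // lookalike pattern: the real destination is whatever the hostname resolves to.
  if (raw.toLowerCase().includes("facebook")) {
    return { verdict: "lookalike", host, reason: `"facebook" appears in the link but the destination host is ${host}` };
  }

  return { verdict: "unrelated", host, reason: "hostname is not a Facebook host" };
}

// Batch helper: returns one verdict per link, in order.
function triageLinks(links) {
  return links.map((l) => ({ link: l, ...classifyLink(l) }));
}

// Constructed sample links (the .example TLD is reserved and never resolves).
const SAMPLE_LINKS = [
  "https://www.facebook.com/login/",
  "http://www.facebook.com/login/",
  "https://facebook.com.account-review.example/login",
  "https://facebook.com@policy-check.example/verify",
  "https://bit.ly/constructed-example",
  "https://support-portal.example/case/1234",
  "not a link",
];

for (const r of triageLinks(SAMPLE_LINKS)) {
  console.log(`${r.verdict.padEnd(10)} ${r.link}  (${r.reason})`);
}
```

Run with `node` to see one verdict per sample link. The fourth sample shows why the hostname, not the visible string, is the only thing worth trusting: everything before the `@` is a username that the browser discards, so the link lands on `policy-check.example` while appearing to mention Facebook. One manual check that needs no code complements this: a genuine pop-up window can be dragged outside the boundaries of the browser window that opened it, while a Browser-in-Browser overlay is confined to the page that drew it.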
Key Methods and Risks
| Aspect | Details |
|---|---|
| Primary technique | Browser-in-Browser (BiB) phishing |
| Target | Facebook usernames and passwords |
| Common lure | Fake login pop-ups and imitation pages |
| Psychological pressure | Copyright claims, suspension warnings |
| Evasion methods | Cloud infrastructure and shortened URLs |
| Recommended protection | Official site access, MFA, password hygiene |
The growing sophistication of these attacks highlights the evolving nature of online threats and underscores the need for greater awareness and stronger security practices among social media users worldwide.
