All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Browser-in-the-Browser phishing campaign targets Microsoft 365 users with fake OAuth login popups

By

Sinisa Markovic

19d ago· 2 min readenNews

Summary

Palo Alto Networks Unit 42 has identified a new Browser-in-the-Browser (BitB) phishing campaign targeting Microsoft 365 users. The attack uses fake login popups embedded within webpages that closely mimic legitimate browser authentication windows, complete with spoofed Microsoft OAuth URLs and login forms. When victims click a Microsoft sign-in button, they are presented with what appears to be a standard authentication prompt, making it difficult to distinguish from a genuine login request.

Source

bskyBrowser-in-the-Browser phishing campaign targets Microsoft 365 users with fake OAuth login popupshelpnetsecurity.com

Key quotes

· 3 pulled
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42.
The attack relies on a fake browser window embedded within a webpage.
Victims who click a Microsoft sign-in button are presented with what appears to be a standard authentication prompt, complete with a spoofed Microsoft OAuth URL and a login form.
Snippet from the RSS feed
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups and spoofed OAuth URLs.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.