Did you know that this is a fake Microsoft login page?
How's that possible?! This is what we call advanced phishing attacks, and exactly it is called browser in browser Attack.
The concept of this attack is easy, the Attacker will be having a domain and 2 hosting services, in which he will be hosting the main empty page
the second hosting service, will be used to host a fake login page of any website.
the first hosting service will be handling the window, and the URL bar (that the hacker can customize), by having access to this the hacker will be able to display any URL he wants, the smart thing is even the ssl icon is displayed there which may trick the target to think it's a real SSL certificate but in fact it's just an icon.
Once the credentials are added on the page and logged in the Attacker will be taking advantage of the credentials he got to gain access to the targeted account.
To identify this attack you can try to check the link you will see that it's not available to copy, you can also try to put it on full screen mode you will notice it's impossible, and probably the main link that will redirect you to a trusted link (which is Illogic).
This attack is named browser in browser attack and it's very important to know it so that you can't be tricked, and it should also be included in cybersecurity trainings.
#cybersecurity #ethicalhacking #bilelbougarne #linux #cyberattacks