01/14/2026
A new platform login scam is spreading that is more advanced than normal phishing links. Currently popular on Facebook, instead of sending you to a fake website that looks like Facebook, attackers are now showing a fake login window inside your own browser (called Browser-in-Browser). This fake window looks exactly like a real Facebook login popup, including the address bar, logo, and lock icon. Because it appears inside the page you are already visiting, many people think it is legitimate and enter their username and password.
This is different from traditional phishing. In older scams, attackers rely on fake links or misspelled website addresses that try to imitate Facebook. With this new method, the website itself can be real, but the login window is fake and controlled by the attacker. The browser address bar you see in the popup is just an image, not a real browser window.
Often, they’re getting people by claiming they’ve violated copyright laws. Then prvide a fake apeal form.
Be suspicious of any unexpected login request. Facebook will not randomly ask you to log in again through a popup because of a warning, copyright issue, or account problem.
Never log in through a popup window. If you are unsure, close the popup completely, open a new browser tab, and manually type facebook.com to check your account. Or just open your mobile App.
Test the login window: Try clicking and dragging the popup outside of your browser window. A real browser login window can move freely. A fake one will stay trapped inside the page.
Do not click login links sent to you. Type in the address on the address bar.
Enable two factor authentication!!!!
Scammers are getting better at making things look so real, especially with the emergence of AI agents. Slow down, never trust, always verify before you log in anywhere.
This scam is currently popular within Meta environments, but can be used in any platform.
Stay safe.
iTech Cyber
www.itechcyber.com
