BitB phishing campaign targeting Facebook users
Campaign
Summary
Hide ▲
Show ▼
A six-month phishing campaign is using browser-in-the-browser (BitB) fake login pop-ups to steal Facebook credentials, increasing the risk of account takeover and identity fraud. The operation targets Facebook users with lures such as copyright infringement notices, account suspension warnings, and fake Meta security alerts. Attackers also use shortened URLs and trusted cloud hosting on Netlify and Vercel to make the pages look legitimate and evade filters. Some phishing pages mimic Meta's Privacy Center and collect personal data in addition to login credentials.
Related Happenings
Meta For Business Facebook Messenger fake-verification phishing campaign
Campaign
H score29
First: 07.07.2026 10:00
Last: 07.07.2026 10:00
Sources 1
About this happening:
A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Meta For Business Facebook Messenger fake-verification phishing campaign
CampaignAbout this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Sniper Dz MENA fake Facebook phishing and monetization campaign
Campaign
H score30
First: 15.06.2026 09:30
Last: 15.06.2026 09:30
Sources 1
About this happening:
A **Sniper Dz** fraud campaign is targeting **users across the Middle East and North Africa** with **fake Facebook accounts** that impersonate politicians, public figures, and tru...
Sniper Dz MENA fake Facebook phishing and monetization campaign
CampaignAbout this happening: A **Sniper Dz** fraud campaign is targeting **users across the Middle East and North Africa** with **fake Facebook accounts** that impersonate politicians, public figures, and tru...
Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/Service
H score26
First: 02.06.2026 18:47
Last: 02.06.2026 18:47
Sources 1
About this happening:
**Instagram accounts** were hijacked after attackers abused **Meta’s AI-powered support tools** to pass recovery checks and change the recovery email, creating a direct failure in...
Meta AI-powered support tools abused in Instagram account recovery flow
Security Tool/ServiceAbout this happening: **Instagram accounts** were hijacked after attackers abused **Meta’s AI-powered support tools** to pass recovery checks and change the recovery email, creating a direct failure in...
Ghost Stadium FIFA World Cup fraud campaign
Campaign
H score41
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Ghost Stadium FIFA World Cup fraud campaign
CampaignAbout this happening: A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
H score29
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Vercel v0.dev phishing campaign using GenAI-built lure pages
CampaignAbout this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Timeline
-
12.01.2026 23:05 3 articles · 5mo ago
BitB phishing campaign targets Facebook users
Initial DisclosureOver the past six months, cybercriminals increasingly used browser-in-the-browser (BitB) fake login pop-ups to trick Facebook users into entering credentials, then abuse the stolen accounts for scams, personal-data harvesting, or identity fraud. Recent lures impersonate law firms with copyright infringement notices, urgent account-suspension warnings, and Meta security alerts about unauthorized logins, while shortened URLs, fake Meta CAPTCHA pages, and phishing pages hosted on Netlify and Vercel help the pages look legitimate. Some pages mimic Meta's Privacy Center portal and redirect users to appeal forms that collect personal information.
Show sources
- Facebook login thieves now using browser-in-browser trick — www.bleepingcomputer.com — 12.01.2026 23:05
- Facebook login thieves now using browser-in-browser trick — www.bleepingcomputer.com — 12.01.2026 23:05
- Phishing Scams Exploit Browser-in-the-Browser Attacks to Steal Facebook Passwords — www.infosecurity-magazine.com — 13.01.2026 16:40