Ars Technica

Behold, a password phishing site that can trick even savvy users

When we teach people how to avoid falling victim to phishing sites, we usually advise closely inspecting the address bar to make sure it does contain HTTPS and that it doesn’t contain suspicious ...
Threat Post

Browser-in-the-Browser Attack Makes Phishing Nearly Invisible

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.