Researchers devised a new phishing technique, dubbed Browser-in-the-Browser (BitB) attack that lets cybercriminals spoof a browser window within a browser by leveraging a mix of HTML and CSS code. The novel BitB attack bypasses both a URL with HTTPS encryption and a hover-over-it security check. Researchers suggest using secure proof of identity via a registered device or token.