Researchers from Group-IB have found that hackers are stealing Steam credentials with a new phishing technique called 'Browser-in-the-Browser' (BitB). Essentially, this technique copies authentic pages and opens a fake browser window within an existing tab. According to researchers, hackers would send victims a bait webpage with a login button which, when opened, asked victims to fill out an account data entry form. Group-IB made several recommendations to users such as checking whether a new window opened in the taskbar, checking the functionality of the address bar, and paying attention to the fonts and design of the control buttons.