This Canarytoken is placed within either the CSS of your site or inside a 3rd party site, where you may not be able to add JavaScript and notifies you if someone clones your site and hosts it on another domain. This can alert to targeted or Adversary-in-the-Middle (AitM) phishing attacks.
Ideas for use:
- Only the
url()
portion is required, you can change the selector and addopacity: 0
ordisplay: hidden
if you want to style an invisible element. - Use this CSS to style 3rd party authentication pages, such as a LogTo page, or an AWS Cognito login.
Step 1: Log in to your Console
Log in to your Console.
Step 2: Open the Canarytokens tile
Select the Canarytokens tile or click Add a new Canarytoken.
Step 3: Select Cloned CSS
Select the Cloned CSS token from the list.
Step 4: Enter cloned website domain
Enter the website domain under Cloned Site. This is the domain of the website you'd like to protect.
Note
We used "inyoni-corp.com" as the domain.
Step 5: Download token
Download, copy or print the token and place it in its intended location.
Alert
An alert is triggered when the cloned website is loaded.