Skip to main content

Search

How do I create a Cloned CSS Token?

Place a Canarytoken in your site's CSS or on third-party pages to detect when your site is cloned and hosted elsewhere. Ideal for spotting targeted or Adversary-in-the-Middle phishing attacks.

This Canarytoken is placed within either the CSS of your site or inside a 3rd party site, where you may not be able to add JavaScript and notifies you if someone clones your site and hosts it on another domain. This can alert to targeted or Adversary-in-the-Middle (AitM) phishing attacks.

Ideas for use:

  • Only the url() portion is required, you can change the selector and add opacity: 0 or display: hidden if you want to style an invisible element.
  • Use this CSS to style 3rd party authentication pages, such as a LogTo page, or an AWS Cognito login.

Step 1: Log in to your Console

Log in to your Console.

Console Login.png

Step 2: Open the Canarytokens tile

Select the Canarytokens tile or click Add a new Canarytoken.

tile.png

Step 3: Select Cloned CSS

Select the Cloned CSS token from the list.

CleanShot 2024-07-22 at 10.24.42@2x.png

Step 4: Enter cloned website domain

Enter the website domain under Cloned Site. This is the domain of the website you'd like to protect.

Note

We used "inyoni-corp.com" as the domain.

CleanShot 2024-07-22 at 10.19.35@2x.png

Step 5: Download token

Download, copy or print the token and place it in its intended location.

CleanShot 2024-07-22 at 10.20.11@2x.png

Alert

An alert is triggered when the cloned website is loaded.

CleanShot 2024-07-22 at 10.20.24@2x.png

Was this article helpful?
0 out of 0 found this helpful
Return to top