How to harden your login page against cloning

Most phishing sites are created by cloning a real webpage, but there's ways to harden a page against being cloned. 🧵Here are 3 steps:

1️⃣ Install beacon assets: if done properly these evade the cloning process and will call back to your server telling you the URL of any cloned page. You can use http://canarytokens.org or deploy your own implementation

2️⃣ Embed high-entropy strings: long, random strings are often overlooked by phishers but they make it extremely easy to detect …

cybersecurity detect don entropy high login page phishing random strings