Other Security Mitigations and Tips
Programming techniques
One technique used by hackers to implement fake websites is using the legitimate website as a background and superimposing the fake site across the top of the legitimate website. From the client perspective, the website looks real, acts appropriately, and contains the legitimate SSL padlock. The client is then prompted to enter their details into the fake site where the hacker obtains their authentication details. Some programming languages (e.g. JavaScript) have functions available to detect if the section of the website is embedded in a frame, and if so to push the legitimate section of the website to the front. This should be able to prevent hackers from superimposing fake website sections over the top of legitimate ones.
|