Websites commonly serve content, such as web pages, which include interfaces to web-based applications that are programmed to perform a range of services for visitors of the websites. Some of these applications are capable of consummating transactions requested by the visitors. For example, websites that maintain private accounts for their users may provide, in a web page, a form that has username and password fields that allow a user to submit their credentials as needed to login to the user's account. A server-side application for the website may receive and process the user's credentials, and may then either allow or deny access to the account based on the validity of the submitted credentials. Other transactions that may be carried out with web-based applications include, for example, account updates, account logouts, commercial transactions (e.g., add-to-cart, purchase items), and financial transactions (e.g., transfer funds, securities transactions). As web-based applications often process users' private and sensitive information, and perform transactions pertaining to users' sensitive matters, fraudsters and the like have attempted to exploit such applications to serve their own illicit ends.