Abstract: Systems and methods of detecting attacks in a computer network with a processor and at least one web server may include generating at least one deception element configured to detect a malicious interaction, wherein the at least one deception element includes at least one hidden link to a web object, embedding the at least one deception element into the at least one web server, determining occurrence an attack on the at least one web server based on an indication from at least one web object linked to the at least one deception element, and issuing an alert upon detection of an attack attempt, wherein the web object is selected from the group consisting of web pages, web forms and search forms.