I've been thinking about scammers lately and thought about rendering numbers as a png in browsers instead of displaying them as HMTL for banks. This would ensure scammers can't just go in and edit the html on the fly potentially saving some people from this kind of attack.
I played around with libvips and can easily create a png with any text.
vips text x.png "1,234,567" --width 100 --align centre --dpi 340
Any thoughts on why this shouldn't be done?
> This would ensure scammers can't just go in and edit the html on the fly
How would the scammers "edit the HTML on the fly" of a bank's website that they don't control...?
If they can control it somehow (either via a hack, local malware, browser extension, or just hand-editing the site on the victim's computer)... well, they can just as easily replace your PNG with one of their own, or just replace it with regular HTML numbers.
If someone can control the bank website, it's game over. It's not a matter of graphics vs text?