Prevent Credential Phishing

Phishing sites are sites that attackers disguise as
legitimate websites with the aim of stealing user information, especially
the credentials that provide access to your network. When a phishing
email enters a network, it takes just a single user clicking the
link and entering credentials to set a breach into motion. You can
detect and prevent in-progress phishing attacks, thereby preventing
credential theft, by controlling the sites to which users can submit
corporate credentials based on the site’s URL category. This allows
you to block users from submitting credentials to untrusted sites
while allowing users to continue to submit credentials to corporate and
sanctioned sites.

Credential phishing prevention works by scanning username and
password submissions to websites and comparing those submissions
against valid corporate credentials. You can choose which websites
to allow or block corporate credential submissions to, based on
the URL category of the website. When the firewall detects
a user attempting to submit credentials to a site in a category
you have restricted, it either displays a block response page that
prevents the user from submitting credentials, or presents a continue
page that warns users against submitting credentials to sites classified
in certain URL categories, but still allows them to continue with
the credential submission. You can customize these block pages to educate
users against reusing corporate credentials, even on legitimate, non-phishing
sites.

To enable credential phishing prevention, you must configure both
User-ID, to detect when users submit valid corporate credentials to
a site (as opposed to personal credentials), and URL Filtering, to
specify the URL categories in which you want to prevent users from
entering their corporate credentials. The following topics describe the
different methods you can use to detect credential submissions and provide
instructions for configuring credential phishing protection.
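
As an added illustration (not vendor code and not how the firewall is implemented), the following Python model walks through the flow described above: find a corporate username in a form submission, then apply the action set for the site's URL category. The usernames, domains, category names, form field names and the block-by-default choice are all assumptions made for the example, and it matches on usernames only.

```python
from urllib.parse import parse_qs

# Constructed sample data (assumptions, not values from any real deployment).
CORPORATE_USERS = {"alice", "bob"}
CORPORATE_DOMAINS = {"corp", "corp.example"}
CATEGORY_ACTION = {
    "corporate-sso": "allow",         # sanctioned site
    "unknown": "block",               # untrusted site
    "social-networking": "continue",  # warn, but let the user proceed
}
USERNAME_FIELDS = ("username", "user", "login", "email")


def normalize(username):
    """Reduce DOMAIN\\user and user@domain forms to a bare lowercase name.

    Returns None when the domain part is not a corporate domain.
    """
    name = username.strip().lower()
    if "\\" in name:
        domain, name = name.split("\\", 1)
    elif "@" in name:
        name, domain = name.rsplit("@", 1)
    else:
        return name
    return name if domain in CORPORATE_DOMAINS else None


def submitted_corporate_user(form_body):
    """Return the corporate username found in a urlencoded form body, if any."""
    fields = parse_qs(form_body)
    for key in USERNAME_FIELDS:
        for value in fields.get(key, []):
            name = normalize(value)
            if name in CORPORATE_USERS:
                return name
    return None


def decide(url_category, form_body):
    """Return 'allow', 'block' or 'continue' for one credential submission."""
    if submitted_corporate_user(form_body) is None:
        return "allow"  # personal credentials are outside the policy
    # Assumption: categories without an explicit entry are blocked.
    return CATEGORY_ACTION.get(url_category, "block")
```

Matching on a bare username alone can flag a personal account that happens to share a corporate user's name, which is one reason the choice of detection method matters.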