Credential phishing prevention works by scanning username and
password submissions to websites and comparing those submissions
against valid corporate credentials. You can choose what websites
you want to either allow or block corporate credential submissions
to based on the URL category of the website. When a user attempts
to submit credentials to a site in a category you have restricted,
either a block response page prevents the user from submitting credentials
or a continue page warns users against submitting credentials to
sites in certain URL categories, but still allows them to continue
with the submission. You can
customize response
pages to educate users against reusing corporate credentials,
even on legitimate, non-phishing sites.