Learn how credential phishing prevention works and how to configure solutions that detect
and prevent credential phishing.
Where can I use
What do I need?
Advanced URL Filtering license (or a legacy URL filtering
Legacy URL filtering licenses are discontinued, but
active legacy licenses are still supported.
Prisma Access licenses usually include Advanced URL
Phishing sites are sites that attackers disguise as legitimate websites with the intent to steal
user information, especially the credentials that provide access to your network. When a
phishing email enters a network, it takes just a single user to click a link and enter
credentials to set a breach into motion. You can detect and prevent in-progress phishing
attacks, thereby preventing credential theft, by controlling sites to which users can
submit corporate credentials based on the site’s URL category. This allows you to block
users from submitting credentials to untrusted sites while allowing credential
submissions to corporate and sanctioned sites.
Credential phishing prevention works by scanning username and
password submissions to websites and comparing those submissions
against valid corporate credentials. You can choose what websites
you want to either allow or block corporate credential submissions
to based on the URL category of the website. When a user attempts
to submit credentials to a site in a category you have restricted,
either a block response page prevents the user from submitting credentials
or a continue page warns users against submitting credentials to
sites in certain URL categories, but still allows them to continue
with the submission. You can customize response
pages to educate users against reusing corporate credentials,
even on legitimate, non-phishing sites.
The following topics describe different credential detection methods you can choose and provide
instructions for configuring credential phishing protection.