Zero-day phishing detection
You can use Enterprise Threat Protector for real-time detection of phishing pages that were created with phishing toolkits. When inline payload analysis is enabled, ETP can analyze requested webpages and determine whether content such as a login page is used in a new phishing attack.
In a sophisticated phishing attack, users are lured to phishing websites that are designed to look like legitimate websites. Users are usually directed to these pages by a phishing email, instant message, social media post or message, or another means of communication where a malicious URL is provided. On these fraudulent websites, users are urged to enter login credentials or other sensitive information, giving an attacker access to confidential information such as usernames and passwords, credit card information, bank account information, and more.
To analyze these requested webpages or phishing domains, you must enable ETP Proxy and inline payload analysis. You can use zero-day phishing detection with ETP Proxy as a full web proxy. If the full proxy is not enabled, you can still use this feature when ETP Proxy captures only risky traffic.
Zero-day phishing events are reported in ETP as phishing threat events. You can search for events based on the Phishing threat category and the policy where inline payload analysis is enabled. Like any phishing event, if ETP detects zero-day phishing, a phishing website warning is shown to the end user. For more information on this custom error page, see Error pages.