Why does Credential Phishing Prevention/Detection does not work for twitter.com
10862
Created On 07/26/19 09:08 AM - Last Modified 04/20/24 02:20 AM
Symptom
Why Credential Phishing Prevention/Detection does not work for twitter.com?
Environment
- PAN-OS 8.0 or above.
- Palo Alto Firewall.
Cause
Twitter.com falls under trusted/sanctioned sites list and hence credential detection/prevention does not get applied.
Resolution
Documentation reference can be found Here . Since Twitter.com falls under trusted sites, Credential Phishing is not applied.
Prevent Credential Phishing
Phishing sites are sites that attackers disguise as legitimate websites with the aim to steal user information, especially the credentials that provide access to your network. When a phishing email enters a network, it takes just a single user to click the link and enter credentials to set a breach into motion. You can detect and prevent in-progress phishing attacks by controlling sites to which users can submit corporate credentials based on the site’s URL category. This allows you to block users from submitting credentials to untrusted sites while allowing users to continue to submit credentials to corporate and sanctioned sites.