* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [SASE](https://origin-researchcenter.paloaltonetworks.com/blog/sase/)
* [Cloud-delivered Security](https://origin-researchcenter.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/)
* Reduce Your Odds of Getti...

# Reduce Your Odds of Getting Snared in the Phishing Net

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsase%2Freduce-your-odds-of-getting-snared-in-the-phishing-net%2F)  
[](https://twitter.com/share?text=Reduce+Your+Odds+of+Getting+Snared+in+the+Phishing+Net&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsase%2Freduce-your-odds-of-getting-snared-in-the-phishing-net%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsase%2Freduce-your-odds-of-getting-snared-in-the-phishing-net%2F&title=Reduce+Your+Odds+of+Getting+Snared+in+the+Phishing+Net&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/sase/reduce-your-odds-of-getting-snared-in-the-phishing-net/&ts=markdown)  
\[\](mailto:?subject=Reduce Your Odds of Getting Snared in the Phishing Net)  
Link copied  
By [Ashraf Aziz](https://www.paloaltonetworks.com/blog/author/ashraf-aziz/?ts=markdown "Posts by Ashraf Aziz")  
Mar 23, 2023  
5 minutes  
[Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown)  
[Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)  
[Cloud SWG](https://www.paloaltonetworks.com/blog/tag/cloud-swg/?ts=markdown)  
[SASE](https://www.paloaltonetworks.com/blog/tag/sase/?ts=markdown)  
[SWG](https://www.paloaltonetworks.com/blog/tag/swg/?ts=markdown)

Phishing is one of the most significant security challenges companies face today, and it has become even more challenging with sophisticated and evasive tools accessible to threat actors of all skill levels. In addition to phishing attacks becoming more difficult to prevent, the attack surface has significantly widened. Today, work is done anywhere there's an internet connection, providing attackers ample opportunities to breach organizations at scale.

These factors mean phishing will continue to be among a cybercriminal's preferred methods for gaining illicit access to an organization's network. According to Palo Alto Network's [2022 Unit 42 Incident Response Report](https://www.paloaltonetworks.com/resources/research/2022-unit42-incident-response-report), the three attack vectors of phishing, exploitation of known software vulnerabilities, and brute-force credential attacks represented 77% of successful network intrusions. Phishing alone accounted for 37% of those intrusions.

You can't protect yourself from threats you can't see or understand, meaning it is critical to have the right tools to keep you safe. Let's take a closer look at what phishing is and the most common ways cybercriminals execute these attacks today. We will also take a look at the new [Cloud Secure Web Gateway](https://www.paloaltonetworks.com/sase/secure-web-gateway) (SWG) technologies available in [Prisma Access](https://www.paloaltonetworks.com/sase/access) that can help protect your organization from the latest phishing techniques attackers are using to infiltrate your network.

## What's inside the phishing tackle box

First, a quick primer on what [phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing) is. It is the fraudulent practice of sending communications, which could be an email, SMS message, or phone call, that appear to be from reputable sources to trick individuals to reveal sensitive information or even to install malware onto a device. The goal is to steal sensitive information that can be used to commit fraud or other malicious activities.

Today's phishing attacks are quite sophisticated and hard to detect. There are three methods attackers are increasingly using to launch these phishing attacks, and they have all the tools and resources they need in their phishing tackle box to accommodate the following tactics:

1. Software-as-a-Service (SaaS) Platform Phishing
2. Man-in-the-Middle (MitM) Phishing
3. Phishing Kits

Let's take a closer look at each of these.

### 1. SaaS Platform Phishing

Instead of creating phishing pages from scratch, attackers will leverage legitimate SaaS platforms, including various website builders or form builders, to host their phishing pages. Furthermore, these platforms require little to no coding experience, lowering the barrier to entry for creating and launching phishing attacks. Since these platforms have a good reputation and are recognized as safe by users, it is difficult for not only security vendors to detect these attacks, but also an end-user.

### 2. MitM Phishing

These attacks use a reverse-proxy server proxy to relay the original login page to the user but steal login credentials as people authenticate. MiTM attacks are capable of breaking two-factor authentication and avoiding many content-based phishing detection engines, making the threat invisible to clients and ultimately harder to detect. Attackers can steal or scrape credentials like session tokens, passwords, cookies, or whatever the site is using for authentication, in order to gain unauthorized access to a victim's account.

### 3. Phishing Kits

Phishing kits may be considered a novice attacker's tackle box of choice. These are ready-to-deploy packages that require the bare minimum effort to use, with everything an inexperienced attacker would need to deploy an attack, including usage instructions. When deployed, phishing kits generate copies of websites or send millions of emails representing well-known brands and companies, allowing adversaries to rapidly launch attacks in volume to various targets.

## New Cloud SWG functionality helps keep you out of phishing nets

Cloud SWG within Prisma Access includes [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering), the only web security engine to stop unknown and highly-evasive web-based threats in real-time, which is introducing new Machine Learning (ML)-powered detection models to prevent advanced phishing attacks leveraging SaaS platforms, Man-in-the-Middle techniques, and phishing kits.

**SaaS platform phishing protections.** With the increasing popularity of using SaaS platforms to launch modern phishing attacks, it is becoming more challenging for traditional security scanners to identify and stop these threats. According to Palo Alto Networks' Unit 42 team, from June 2021 to June 2022, the rate of newly detected phishing URLs hosted on legitimate SaaS platforms [has increased by over 1100%](https://unit42.paloaltonetworks.com/platform-abuse-phishing/#:~:text=Link%2Dhosting%20sites%20are%20an,to%20consolidate%20their%20online%20presence), showing that this technique is becoming more common.

The new SaaS platform phishing detection capabilities within Advanced URL Filtering analyze both URLs and page content to detect and prevent phishing attacks using legitimate SaaS platforms that would not be identified otherwise, all in real-time.

**MitM phishing prevention.** Advanced URL Filtering in Cloud SWG protects against MitM phishing attacks using new ML-powered detection models that performs real-time web page analysis and looks at various attributes of HTTP headers that leave subtle signatures, while also identifying if traffic is going through a compromised proxy. With these cutting-edge capabilities, customers can prevent patient zero.

\*\*Phishing kit detection.\*\*With phishing kits giving attackers of all skill levels the ability to launch advanced attacks in volume, it is crucial for organizations to have the right tools equipped with advanced capabilities that can quickly identify and block pages built by these phishing kits.

With its new phishing kit detection capabilities, Advanced URL Filtering utilizes kit source code fingerprints and directory attributes to generate unique signatures that can then train its detection models to quickly identify when a page has been built with these kits. This allows us to isolate and identify the significant amount of subsequent phishing pages built from the same source in real-time.

## Use Cloud SWG to help protect your organization from phishing attacks

Check out our [on-demand virtual launch event and resources page](https://start.paloaltonetworks.com/sase-signature-moment-2023.html) to learn how the new Cloud SWG capabilities in Prisma Access can prevent today's most advanced phishing attacks.

*** ** * ** ***

## Related Blogs

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Your Secure Web Gateway Needs a Cloud Makeover](https://origin-researchcenter.paloaltonetworks.com/blog/sase/your-secure-web-gateway-needs-a-cloud-makeover/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Unleashing the Benefits of Cloud SWG with Agent-Based Proxy](https://origin-researchcenter.paloaltonetworks.com/blog/sase/unleashing-the-benefits-of-cloud-swg-with-agent-based-proxy/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Remote Workforce](https://www.paloaltonetworks.com/blog/category/remote-workforce/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Five Misconceptions About Secure Web Gateways](https://origin-researchcenter.paloaltonetworks.com/blog/sase/five-misconceptions-about-secure-web-gateways/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### On-Premises? Making the Case for Cloud SWG](https://origin-researchcenter.paloaltonetworks.com/blog/sase/on-premises-making-the-case-cloud-swg/)

### [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Modernizing Healthcare Networks for the Connected Ecosystem](https://origin-researchcenter.paloaltonetworks.com/blog/2022/08/modernizing-healthcare-networks/)

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Use Cloud SWG to Simplify Remote Workforce Security](https://origin-researchcenter.paloaltonetworks.com/blog/sase/use-cloud-swg-simplify-remote-workforce-security/)

### Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language