Phishing Watch

Fraudsters today use legacy tactics—such as phishing—to target online users’ account information. The Threat Command Phishing Watch solution provides advanced and preemptive phishing detection capabilities that help your organization identify attacks before phishing websites emerge attempting to redirect legitimate users from your official site.

Threat Command detects and alerts teams when the phishing site has been loaded to a spoofed domain. Additionally, we deliver critical details, report back to the organization, and enable automatic takedown of the phishing website to eradicate the threat.

Using a JavaScript snippet, the Phishing Watch solution proactively detects the copying or redirection of legitimate/official websites to an illegitimate (and potentially phishing) website in the following scenarios:

  • Website Clone Detection
  • Attackers copy the original website HTML to imitate the user experience of a real website.
  • Website Redirect Detection
  • Attackers redirect users to the real customer website after stealing their information/PII so as to not raise suspicion.
  • IFrame Detection
  • Attackers inject a hidden iframe into a webpage and steal the browser-user’s session (cookie).

To use the Phishing Watch, create and deploy a snippet, as described in Configuring the Phishing Watch.

Phishing Watch threats are shown in a dedicated Phishing Threats tab. You can fine-tune alerts with the Alert Profiler Phishing Scenario Rule Conditions.


A remediation request can be submitted for Phishing Watch alerts (only for those which originated from a non-local endpoint). Evidence may need to be provided.