> ## Documentation Index
> Fetch the complete documentation index at: https://docs.repacket.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Phishing Prevention

> Detect and block phishing pages dynamically

<Note>
  Repacket's AI-powered phishing prevention provides multi-layered protection against sophisticated phishing attacks.
</Note>

## Overview

Phishing Prevention is a core protection feature that combines database-driven categorization with advanced AI analysis to identify and block phishing attempts in real-time.

<CardGroup cols={2}>
  <Card title="Known-Website Categorization" icon="database" color="#07edb5">
    Block access to millions of known malicious sites from our continuously updated database
  </Card>

  <Card title="AI Phishing Detection" icon="robot" color="#07edb5">
    Dynamically analyze uncategorized pages to identify phishing attempts in real-time
  </Card>

  <Card title="Intelligent Custom Detection" icon="building-shield" color="#07edb5">
    Teach Repacket what your corporate login pages look like for enhanced protection
  </Card>

  <Card title="User-Friendly Warnings" icon="triangle-exclamation" color="#07edb5">
    Clear explanations when phishing is detected with exception request options
  </Card>
</CardGroup>

## How It Works

### Phishing Detection (Non AI)

<Info>
  We highly recommend you configure a Firewall rule to block "Phishing and Other Frauds" to block known-bad websites without relying on AI.
</Info>

Our "AI Phishing Scan" is meant to be supplemental to our existing Firewall functionality and threat intelligence.

Our "Firewall" will block all known phishing websites, whereas "AI Phishing Scan" is designed to catch completely fresh phishing pages.

### Phishing Detection (AI Phishing Scan)

For Uncategorized or otherwise configured traffic, Repacket can inspect the webpage deeper to deliver a page-level decision.

Repacket may look at:

* The DOM of the page
* Images present on the page
* Visual render of the page
* URL and certificate characteristics

Based on our analysis of these properties - Repacket can determine a webpage *looks* like a legitimate login page, but is in fact completely fake.

### Handling Detection

When phishing is detected:

1. Users see a full-screen warning with an AI-generated explanation of the threat
2. Users can request exceptions if they believe the detection is a false positive
3. This block will be cached and shared for other users
4. Administrators can review and manage these exceptions

The analysis typically completes in about 2 seconds, and users aren't blocked until analysis is complete to avoid hindering productivity. Form submissions are halted during this process.

## Configuring Phishing Prevention

AI Phishing Scan can be configured through the [Protections](https://app.repacket.com/gateway#protections) rule builder:

<Steps>
  <Step title="Navigate to Protections">
    Go to the [Protections](https://app.repacket.com/gateway#protections) section in your Repacket dashboard.
  </Step>

  <Step title="Create a new rule">
    Click "Create new rule" and select "Phishing Prevention" as the rule type.
  </Step>

  <Step title="Define scope">
    Choose which [categories](/config/categories) to apply phishing protection to. By default, it runs on "Uncategorized" sites, but can be expanded to other [categories](/config/categories).
  </Step>

  <Step title="Configure response">
    Select whether to Block, Warn, or Allow when phishing is detected. We recommend using "Warn" for AI-detected phishing to account for potential false positives.
  </Step>

  <Step title="Set exceptions">
    Optionally define exceptions for internal domains, trusted sites, or specific user groups.
  </Step>

  <Step title="Save your rule">
    Apply changes to enforce the phishing protection across your network.
  </Step>
</Steps>

## Best Practices

<AccordionGroup>
  <Accordion title="Exclude Internal Resources">
    Configure exceptions for your corporate intranet and internal applications to prevent unnecessary scanning.
  </Accordion>

  <Accordion title="Review User Reports">
    Regularly review user exception requests to identify and address false positives.
  </Accordion>

  <Accordion title="Enable Custom Detection">
    Configure Intelligent Custom Detection for your organization's login pages to enhance protection against targeted phishing.
  </Accordion>
</AccordionGroup>

## Related Features

<CardGroup cols={2}>
  <Card title="Protections" icon="shield-halved" href="/modules/protections">
    Manage all protection rules in one place
  </Card>

  <Card title="Session Protection" icon="shield" href="/modules/session-protection">
    Prevent session hijacking with cookie encryption
  </Card>

  <Card title="Firewall" icon="filter" href="/modules/firewall">
    Control internet access with granular access rules
  </Card>

  <Card title="User Management" icon="users" href="/modules/access/users">
    Manage users and groups for exception handling
  </Card>
</CardGroup>
