Manual Chapter : Configuring phishing detection on a URL

Applies To:

Show Versions Show Versions

BIG-IP FPS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.0
Manual Chapter

Configuring phishing detection on a URL

Configure phishing detection on a URL if you want the system to check for phishing attacks on the web page of the URL, and send an alert to the FPS Dashboard if an attack is detected.
  1. On the Main tab, click
    Security
    Fraud Protection Service
    Anti-Fraud Profiles
    .
    The Anti-Fraud Profiles screen opens.
  2. From the list of profiles, select the profile on which you want to configure phishing detection.
    The Anti-Fraud Profile Properties screen opens.
  3. In the Anti-Fraud Configuration area, click
    URL List
    .
    The URL List opens.
  4. Click the URL on which you want to configure phishing detection (or click
    Add
    if you want to define a new URL with phishing detection).
    The URL Properties screen opens.
  5. In the URL Configuration area, select
    Phishing Detection
    .
  6. Select the
    Enabled
    check box for
    Phishing Detection
    .
    The Phishing Detection configuration options appear.
  7. Select the
    Enabled
    check box for the
    Log credentials theft by a phishing site
    setting if you want the system to log the user names and text fields (not passwords) of users attacked by a phishing attempt on this URL.
    This setting does not appear if
    Web page copy detection
    (in the Advanced settings) is disabled.
  8. Click
    Advanced
    .
  9. Select the
    Enabled
    check box for the
    Web page copy detection
    setting if you want the system to detect whether the web page for this URL has been copied and send an alert to the FPS Dashboard if it determines that this happened.
  10. Select the
    Enabled
    check box for the
    JavaScript removal detection
    setting if you want the system to detect whether JavaScript is missing from the web page of the URL and send an alert to the FPS Dashboard if it determines that this happened.
    This is part of the system's phishing detection backup mechanism.
  11. In the
    Location of Phishing Inline JavaScript and Image Injection
    field, select whether you want the phishing inline JavaScript and phishing image to be injected before or after the tag that you specify in the Tag field.
    The phishing inline JavaScript must be injected into the HTML after the main FPS JavaScript.
  12. In the
    Input field types to include in alerts
    field, type HTML input field types (such as
    text
    or
    checkbox
    ) on the web page that you want to include in alerts.
    For example, if you add
    text
    , the system attaches the values of all
    text
    input fields on the web page to alerts.
  13. Click
    Save
    .
    The URL configuration settings are saved.