Brand Phishing Protection

Web Risk Brand Phishing Protection is a premium Google Cloud security service that proactively detects and disrupts phishing attacks impersonating brands, with a primary focus on financial institutions. Brand Phishing Protection uses Google's real-time telemetry from billions of users and AI-driven models to identify malicious sites. Detected sites show a Safe Browsing interstitial warning to users.

Key features

  • Proactive threat detection: Uses brand-specific AI models to identify new phishing sites in real time.
  • Rapid Disruption: Identified threats are added to the Google Safe Browsing block list within minutes, protecting users across major browsers.

    Note: Brand Phishing Protection access is managed through an allowlist. To see if this product is a good fit for you and to request access, contact your sales representative.

Get started

Access to Brand Phishing Protection requires onboarding with the Google Cloud security team.

  1. Enable the Web Risk API within your Google Cloud console project.

    1. In the Google Cloud console, search for Web Risk API.

      Go to the Google Cloud console

    2. Click Enable.

  2. Give the required Identity and Access Management permissions to users who need to access Brand Phishing Protection features.

    1. If you don't have the Google Cloud CLI installed, install it.
    2. Grant the Web Risk Viewer role by running the following command for each user:

       gcloud projects add-iam-policy-binding {project-id} --member='user:{email}' --role='roles/webrisk.viewer'
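
The two steps above as a reviewable script, added here as an example and not part of the original page or Google's tooling. It validates each address before building the member string and lists who holds the role afterwards. The function names, the DRY_RUN convention and the script name are assumptions; `gcloud services enable` and `gcloud projects get-iam-policy` are standard gcloud commands that the page itself does not show.

```shell
#!/bin/sh
# Added example: onboarding helper for the two steps above.
# DRY_RUN=1 (default) prints the gcloud commands; DRY_RUN=0 executes them.
ROLE='roles/webrisk.viewer'
DRY_RUN="${DRY_RUN:-1}"

# Accept only a plain local@domain.tld address, so a bad line in a user list
# cannot become an unintended member string or smuggle extra flags.
valid_email() {
  case "$1" in
    *[!A-Za-z0-9._%+@-]*) return 1 ;;  # character outside the allowed set
    *@*@*) return 1 ;;                  # more than one @
    ?*@?*.?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the command (unquoted, for review) in dry-run mode; run it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: enable the Web Risk API in the project.
enable_api() {
  run gcloud services enable webrisk.googleapis.com --project="$1"
}

# Step 2: grant_viewers PROJECT_ID EMAIL...; non-zero if any e-mail is rejected.
grant_viewers() {
  gv_project="$1"; gv_rc=0; shift
  for gv_email in "$@"; do
    if ! valid_email "$gv_email"; then
      echo "skipped invalid e-mail: $gv_email" >&2; gv_rc=1; continue
    fi
    run gcloud projects add-iam-policy-binding "$gv_project" \
      --member="user:${gv_email}" --role="$ROLE"
  done
  return "$gv_rc"
}

# Review: list every member that currently holds the role in the project.
audit_viewers() {
  run gcloud projects get-iam-policy "$1" --flatten='bindings[].members' \
    --filter="bindings.role:${ROLE}" --format='value(bindings.members)'
}

# Usage: DRY_RUN=0 sh webrisk_onboard.sh PROJECT_ID alice@example.com ...
if [ "$#" -ge 2 ]; then enable_api "$1"; grant_viewers "$@"; audit_viewers "$1"; fi
```

Run it once with the default dry-run setting to review the exact bindings, then again with DRY_RUN=0; rerunning the audit step later shows whether the viewer role is still limited to the intended users.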

Console dashboard overview

The Brand Phishing Protection Dashboard in the Google Cloud console provides visibility into threat metrics and analytics, including the following features:

  • Summary Metrics: The total number of warnings shown to users and the number of malicious hosts blocked.
  • Geographical Breakdown: A map-based visualization of global user protection.
  • Screenshot Gallery: Screenshots showing detected phishing sites impersonating your brand.
  • Host Analytics: A list of detected malicious hosts, including the time that each was first blocked and the number of unique malicious URLs per host.

Glossary of metrics

The Brand Phishing Protection dashboard uses the following metrics to quantify the impact of phishing attacks and the effectiveness of protection measures.

  • Warnings shown: The total number of times Chrome Safe Browsing users were presented with a Google Safe Browsing warning page when attempting to access a malicious URL that's relevant to your brand.
  • Malicious hosts found and blocked: The number of unique hosts identified as hosting phishing content and subsequently added to the block list.
  • Unique URLs: The count of distinct relevant malicious URLs associated with a specific host that were identified by Google's detection systems.
  • Unique URLs (customer submitted): The number of unique malicious URLs for a host that were explicitly reported to Google by the customer using the Submission API.
  • First blocked: The timestamp (date and time) when a malicious host was first identified and added to the Google Safe Browsing block list.
  • Last warning: The most recent date a warning was issued for malicious URLs on this host.
  • Total blocked hosts: The total number of unique malicious hosts detected that are relevant to your brand.

Submission best practices

Even though Brand Phishing Protection is proactive, you can also programmatically submit phishing URLs using the Submission API to help improve detection accuracy and accelerate disruption of known threats.

For more information, see Best practices for using the Submission API.

Submission closed reasons

Web Risk Brand Phishing Protection customers receive access to additional context on closed submissions.

For more information about why a submission might be closed without being added to a block list, see Understanding CLOSED reasons.