The process by which criminal gangs use phishing techniques to obtain sensitive information and commit financial fraud usually involves the following key steps and methods： --- ### **1. Preparation stage of phishing attack** -**Target screening**: An attacker purchases on the dark web or uses hacking methods to obtain basic information of potential victims (such as email address, mobile phone number, social media information), or collects the contact information of the target group through public channels (such as corporate official websites, social platforms). -**Identity forgery**: Impersonate banks, payment platforms (such as Alipay, PayPal), e-commerce platforms (such as Taobao, Amazon), government agencies (such as the Tax Bureau) or internal departments of enterprises to create high-fidelity emails, text messages, websites or social media accounts. -**Tool deployment**： -**Phishing website**: Register a domain name that is highly similar to the real organization (such as`paypa1.com `Counterfeit`paypal.com `), design a realistic login page to induce users to enter information such as account password, bank card number, verification code, etc. -**Malicious links/attachments**: Embed short links in emails or text messages (hide real addresses through URL shortening services), or attach malicious files disguised as “bills” and “notifications” (such as PDFs and Excel tables with trojan horses) to steal user device data. --- ### **2. Execution stage of phishing attack** -**Trickery**： -**Urgent threat**: Falsely claiming that “the account is abnormal” and “security breach”, the user is required to log in and verify his identity immediately, otherwise the account will be frozen. -**Benefit inducement**: Use “winning prizes”, “high-yield investment” and “refund compensation” as bait to trick users into clicking on links or providing bank card information. -**Forged notification**: Imitate a bank to send a ”credit card upgrade" text message, or impersonate a courier company to send a ”package delivery failed" notification to guide users to fill in personal information. -**Social engineering skills**： -Use public information (such as corporate employee lists) to accurately name victims and increase credibility. -Fake sender's mailbox (such as`service@icbc-bank.com `Counterfeit`service@icbc.com `), or disguise the official phone number through the number change software. --- ### **3. Theft and use of sensitive information** -**Direct theft**: Obtain the following information through phishing websites or malicious software： -**Account credentials**: Online banking account password, login information of third-party payment platforms (such as WeChat Pay). -**Bank card information**: Card number, CVV code, expiration date. -**Identity information**: ID number, mobile phone number, home address (for subsequent identity fraud). -**Second attack**： -**SMS verification code hijacking**: Intercept the OTP (one-time password) sent by the bank through the trojan virus to break through two-factor authentication. -**Horizontal penetration**: Use the same password to try to log in on other platforms (such as email and social accounts) to expand the scope of the attack. --- ### **4. Means of implementation of financial fraud** -**Direct theft and swiping**: Use the stolen bank card information for online consumption or make a fake card to steal offline. -**Account takeover**: After logging in to the victim's online banking account, transfer money, apply for a loan, or bind a third-party payment tool. -**Money laundering and cash out**： -Transfer funds through virtual currency transactions, gambling platforms or underground banks. -Recruit ”running points" gangs to use other people's bank accounts to divert stolen money in multiple layers. -**Identity fraud**： -Apply for a credit card, online loan or register a shell company in the name of the victim. -Falsifying documents to defraud the trust of financial institutions and commit larger-scale fraud. --- ### **5. Evade tracking and anti-detection** -**Anonymous tools**: Use the Tor network and cryptocurrency (such as Bitcoin) to hide your whereabouts. -**Rapid monetization**: Complete the transfer of funds within 24 hours after the information is stolen, shortening the tracking window. -**Destroy evidence**: Phishing websites and servers are usually shut down after an attack, making it difficult to trace their origin. --- ###**Typical case** 1. **Phishing emails from counterfeit banks**: Users receive an email with "abnormal account login”, click on the link to enter the fake online banking page, and the funds are stolen after entering the account password. 2. **Fake investment platform**: Publish “high-return financial management” advertisements through social platforms to induce users to close the platform after recharging and run away. 3. **Fake bank card SMS fraud**: Mass “points redemption” and “ETC invalid” SMS messages are sent to induce users to fill in bank card information. --- ###**Defense suggestion (user side)** -**Be wary of unfamiliar links**: Manually enter the official url and avoid clicking on the link in the email/SMS. -**Verify the source of information**: Confirm the authenticity of the notification through the official customer service phone or in-APP channels. -**Enable multi-factor authentication**: Bind hardware security keys or dynamic tokens to key accounts. -**Update your password regularly**: Avoid repeated use of the same password, especially for financial accounts. Criminal gangs continue to upgrade their technical means (such as using AI to generate more realistic phishing content), so improving security awareness is as important as technical protection (such as anti-phishing software, email filtering).