The way criminal gangs use phishing techniques to obtain sensitive information for financial fraud mainly includes the following steps: 1. **Fake websites and emails**: Criminal gangs often create fake websites that look similar to legitimate financial institutions, or use seemingly credible email addresses to send phishing emails. These emails may claim that users need to verify account information, install security updates, or confirm transactions, etc., in order to trick users into clicking on links. 2. **Induce clicks and enter information**: When users click on phishing links, they are redirected to fake websites. On this website, users will see an interface that is very similar to the real website, and the system will trick users into entering sensitive information such as usernames, passwords, credit card numbers, etc. 3. **Collect information**: Once users enter their sensitive information on the fake website, criminal gangs can obtain this data in real time. This information will be used to access users' real accounts, conduct unauthorized transactions or steal funds. 4. **Social engineering**: In addition to direct phishing attacks, criminal gangs may also use social engineering methods to interact with users through phone calls, social media or text messages to further obtain sensitive information. This may include impersonating customer service representatives or technical support and using various psychological tactics to enhance credibility. 5. **Commit fraud**: After obtaining the information, criminal gangs will use this information to commit financial fraud, including transfers, consumption, loan applications, etc., and may even try to use the victim's identity information for other forms of fraud. 6. **Laundering and transferring funds**: In order to cover up criminal activities, criminal gangs usually transfer stolen funds to multiple accounts or use cryptocurrencies for transactions through complex means to reduce the risk of being tracked. To prevent this type of phishing attack, users need to be vigilant, update passwords regularly, use two-factor authentication, and remain vigilant about the secure communication channels of banks and other financial institutions. At the same time, it is crucial to educate users to recognize the signs of phishing attacks.