The process by which criminal gangs use phishing techniques to obtain sensitive information and conduct financial fraud usually involves the following steps: 1. **Designing a fraudulent website or email**: Criminals first create a fake website or email that looks legitimate, with the appearance and content mimicking a real financial institution, online service provider, or other trusted entity. 2. **Distributing phishing messages**: Attackers distribute phishing links to a large number of targeted users through email, text messages, social media, or other channels. These messages often use urgent or interesting content to induce users to click on the link, such as "Account locked", "Important security update", etc. 3. **Trying users to provide sensitive information**: Once users click on the phishing link, they are directed to a fake website or login page. Here, users may be asked to enter sensitive information such as usernames, passwords, social security numbers, bank account details, and credit card information. 4. **Collecting and using information**: Once users provide information, criminal gangs collect this information for illegal activities. This may include directly stealing funds from the victim's account, applying for loans in the victim's name, or selling the information to other criminals on the dark web. 5. **Avoid detection and capture**: In order to avoid being detected or tracked, criminals often use anonymous networks, obfuscation techniques, and money laundering schemes to hide their identities and the flow of funds. Preventing phishing attacks requires users to be vigilant, not click on unknown links easily, and practice good security habits, such as enabling two-factor authentication and using anti-phishing software or services. Financial institutions also need to strengthen customer education and provide clear communication channels to prevent security incidents caused by lack of trust.