Phishing is a common method of online fraud. Criminal gangs use carefully designed fake websites or emails to trick users into obtaining their sensitive information, such as bank card numbers, passwords, verification codes, etc., and then commit financial fraud. Here are their usual practices: 1. **Design fake websites** - **Imitation of formal institutions**: Criminal gangs will carefully design fake websites that are very similar to well-known banks, e-commerce platforms or payment institutions. These fake websites are highly consistent with formal websites in terms of page layout, color matching and logos, making it difficult for ordinary users to distinguish. - **Implant malicious code**: Once a user enters sensitive information on a fake website, this information will be captured by malicious programs in the background and sent to the criminal gang. In addition, malicious code may also be used to steal other information on the user's device, such as contact lists, SMS records, etc., further expanding the possibility of fraud. 2. **Send fraudulent emails** - **Disguised sender**: The sender of fraudulent emails usually disguises himself as a well-known company, bank or institution, such as "bank notification" or "express notification", so that the recipient can relax his vigilance. - **Set up misleading content**: The email will contain seemingly urgent or important information to induce the recipient to click on the link. The link may point to a fake website, and once the recipient clicks on it, they may be directed to enter sensitive information. Sometimes the email will directly ask the recipient to reply with content containing sensitive information, such as bank card number, password, etc. 3. **Use social engineering** - **Establish a trust relationship**: Fraudsters will establish a trust relationship with users in various ways, such as pretending to be an acquaintance of the user on social platforms, or providing seemingly professional consulting services. - **Obtain information**: After gaining the trust of users, they will cleverly guide users to disclose sensitive information. For example, on the grounds of helping users solve account problems, users are asked to provide information such as bank card numbers and verification codes. 4. **Commit financial fraud** - **Steal bank cards**: Once the user's bank card number, password and other information are obtained, the criminal gang will immediately make purchases or transfers online to transfer the funds in the card to the account they control. - **Apply for a loan**: Some fraudsters will use the obtained user information to apply for online loans in the name of the user. Since the review process of some online loan platforms is relatively loose, they may successfully apply for loans and take the funds for themselves, while the final debt will be borne by the user.