The most typical phishing attack is to lure the recipient to a phishing website that is very similar to the website of the target organization through careful design, and obtain the personal sensitive information input by the recipient on the website. Usually, this attack process will not alert the victims. This is a "social engineering attack".
"Fishing" itself is not an independent means of attack, but more a means of fraud, just like some frauds in reality. Hackers use fraudulent emails and fake websites to trick visitors into providing some personal information, such as credit card numbers, account numbers and passwords, social security numbers, etc.
Importance of digital certificate:
Digital certificate is a very safe way, through which secure communication and electronic digital signature can be carried out, and electronic signature has legal effect. Online transactions transmit online data under the protection of digital certificate signature and encryption, which eliminates the possibility of phishing using cross-site cookie attacks and sniffing detection.
Digital certificates can be copied, just like the keys of a house, users should take good care of them. For some counterfeit institutions and relevant government administrative departments, corresponding measures should also be taken to crack down on criminal activities such as fishing. For example, banks can also actively take technical measures and publicity activities to let users identify the true and false and avoid being fooled.
Relevant government departments should also communicate and cooperate, locate and close these fake websites in time, recover stolen user information from the owner, and reduce direct and potential losses.