Hack1291.blogspot.com

2.Victim enters his credentials in fake login page that goes to attacker.

3.Victim is then redirected to an error page or genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.

If you do not know what exactly phishing means , I highly recommend you to read my post on basics of phishing here.

First, I shoud tell you the basic methodology of making phishing page of any website. In a website where the users are supposed to enter/submit any data (data might be email,password or anything), there is a piece of code in html code called as action form. It looks like this
<form method="POST" action="something">.
You can find this out by simply viewing the source of web page. Right click on webpage to do so. "something" here in the action field is name or path of the file where submitted data goes. So the idea of fake login page is simple. Just download the webpage on your computer, modify the action field to change the path where data goes according to yourself, upload this modified webpage on any web hosting site and you are done. :)

Phishing is a technique of obtaining sensitive data such username,password,credit card details etc by an attacker by claiming to be a trusted or genuine organisation/company. 

The most common type of phishing is Fake Login Pages. The basic methodology of this attack is written below

1.Suppose an attacker wants to hack gmail/yahoo/facebook/bank account of the victim. Attacker creates a fake login page of that website . This fake login page looks exactly like real/genuine login page.