Phishing is a con game that scammers use to collect personal informationfrom unsuspecting users. The false e-mails often look surprisingly legitimateand even the Web pages where users are asked to enter their information maylook real. Phishing is similar to fishing in a lake, but instead of trying tocapture fish, phishers attempt to steal personal information. This paper givesbrief information about phishing, its attacks, steps that users can take tosafeguard their confidential information. This paper also shows a surveyconducted by netcraft on phishing. Phishing is an attack that deals with social engineering methodology toillegally acquire and use someone else’s data on behalf of legitimate websitefor own benefit (e.g. Steal of user’s password and credit card details duringonline communication). It is affecting all the major sectors of industry day byday with a lot of misuse of user credentials. To protect users againstphishing, various anti-phishing techniques have been proposed that followsdifferent strategies like client side and server side protection. In this paperwe have studied phishing in detail (including attack process and classificationof phishing attack) and reviewed some of the existing anti-phishing techniquesalong with their advantages and disadvantages. Organizations investheavily in technical controls for their Information Assurance (IA) infrastructure.These technical controls mitigate and reduce the risk of damage caused byoutsider attacks. Most organizations rely on training to mitigate and reducerisk of non-technical attacks such as social engineering.