Provided is an Internet information security technique, and more particularly, a method for alerting a user that a connected web site is a phishing site by comparing connected web site information with normal site information. To this end, the method includes the steps of: (a) extracting information on a presently connected site; (b) if information on a normal site having the same domain as the connected site exists in a database, comparing the connected site information with the normal site information; and (c) if the connected site information does not match the normal site information, alerting a user that the connected site is a phishing site. Therefore, the user may safely use the Internet by confirming whether the connected web site is a phishing site.