Phishing targets personal information such as account password or other personal information. It is a form of internet fraud. The method of the crime may be uses of malicious programs, false internet sites or non-technical methods. This research discussed phishing from a victim viewpoint and discusses Routine Activity Theory, Lifestyle-Exposure Theory, Risk Assessment in Victimology to explore phishing. Phishing can be done without any contact between the convict and the victim. It is different from the usual Victimology. Thus, the research uses general Victimology and real case fishing from the real world to make up for the insufficiency of the Victimology theory. The research was done as online surveys with purposive sampling of nonrandom sampling. The researchers put up postings on ptt survey forum, internet auction forum, and discussion forum on other websites for people to fill out to increase publicity. They also searched for victims that shared their experiences online and ask them to fill out the survey. The research used a pre-test method for validity. It went through two modifications to get a decent validity. The final sample was 363. The researched showed the victims have a few characteristics. They were young, with low education, with low income, students, spent more days online during the week, played online games and blog. This conformed to the Lifestyle-Exposure Theory. The theories chosen in this research showed regression in logistic. We found that in Routine Activity Theory, suitable targets and phishing had a significant relationship. It meant the more one avoid having personal information as the ideal target, the less likely he/she would become a victim of phishing. The research also had other findings and hypothesis-testing as following: (1) victims showed fear of crime, comparing to those with no victim experience, they pay more attention to their personal information. (2). Most internet users value the security of their personal information. (3). Internet users trust large companies. (4). Accounts and password involved money are more likely to become targets (internet auction, online games). (5). Credit cards are safer. This research suggests prevention for phishing: (1). Educate phishing prevention. (2). One-Time Password (OTP) is an effective method on information technology level. (3). Credit cards are safer. (4). Internet users must watch out for their personal information at all times. (5). Large companies have the ability to secure information and be responsible for the safety.The research advices future researchers to target different types of phishing which reduce the problems on defining phishing. Studies done from a phisher point of view and use actual fishing activities to explain phishing is an attempt of this research. It is recommended to continue to expand and innovate and find a stronger explanatory theory, and recommendations for future studies. The design of the studies should incorporate time factor in order to clarify the cause and effect of phishing victimology.