The invention provides a method and system for preventing the phishing attack on the basis of a mobile terminal. The method comprises the following steps of: (1) account binding and data initialization, i.e. a user initiates a binding request to an application server at a client and after the binding request is authenticated by an authentication server, the binding is successful; and (2) authentication application, i.e. the user initiates logging application to the application server, the client simultaneously initiates a terminal authentication request to the authentication server and a terminal authentication result is obtained by the authentication server and is returned to the user. The system comprises the mobile terminal, an application server side and an authentication system. In the invention, the client can be arranged on various mobile terminals of the user as software so as to solve the cost problem caused by the application of a current hardware client. An authentication server side is used for authenticating according to double-line link data of information transmitted by the application server side and the mobile terminal by combining position information of the mobile terminal and terminal information, so that the problem of phishing attack is fundamentally solved.