Abstract: A method for protecting personal information leaked by a phishing application includes: a first step of extracting phishing server information, which is server information of a phishing application installed in a customer terminal, by decompiling a file related to the phishing application from which personal information was leaked; a second step of collecting customer-related information by accessing a phishing server through the phishing server information and scanning information included in a database; a third step of generating dummy data by performing falsification with random data so as to conform to a data format of the database of the phishing server based on the collected customer-related information; and a fourth step of neutralizing personal information leakage by transmitting the dummy data to the phishing server.
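The third step (falsification that conforms to the database's data format) can be sketched as follows. This is an added example, not code from the patent; the field names, sample rows and the helpers `shape`, `falsify`, `make_dummy_rows` and `conforms` are assumptions made for illustration.

```python
import random
import string

# Constructed sample rows standing in for the customer-related information
# collected in the second step; field names and values are assumptions.
SAMPLE_ROWS = [
    {"name": "Kim Minsu", "phone": "010-1234-5678", "card": "4111 1111 1111 1111"},
    {"name": "Lee Jiwoo", "phone": "010-9876-5432", "card": "5500 0000 0000 0004"},
]

# Replacement pools per character class: digit, upper-case, lower-case.
POOLS = {"9": string.digits, "A": string.ascii_uppercase, "a": string.ascii_lowercase}

def shape(value):
    """Reduce a value to its format mask: 9 = digit, A/a = letter, else literal."""
    mask = []
    for ch in value:
        if ch.isdigit():
            mask.append("9")
        elif ch.isalpha():
            mask.append("A" if ch.isupper() else "a")
        else:
            mask.append(ch)  # separators (space, dash, ...) are kept as-is
    return "".join(mask)

def falsify(value, rng):
    """Replace every digit and letter with a random one of the same class."""
    return "".join(rng.choice(POOLS[m]) if m in POOLS else m for m in shape(value))

def make_dummy_rows(rows, count, seed=None):
    """Build `count` dummy rows, each following the format of a sampled real row."""
    rng = random.Random(seed)
    dummy = []
    for _ in range(count):
        template = rng.choice(rows)
        dummy.append({field: falsify(val, rng) for field, val in template.items()})
    return dummy

def conforms(dummy_rows, rows):
    """True if every dummy row matches the field names and masks of some real row."""
    def masks(row):
        return {field: shape(val) for field, val in row.items()}
    known = [masks(r) for r in rows]
    return all(masks(d) in known for d in dummy_rows)

if __name__ == "__main__":
    for row in make_dummy_rows(SAMPLE_ROWS, 3, seed=7):
        print(row)
```

The mask keeps only length, character class and separators, so no character of a real record is carried into the dummy rows; fields with checksums or fixed prefixes would need field-specific generators, which this sketch does not attempt.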