What conditions must be met for a phishery attack to succeed?

The target must be able to resolve the attacker's domain (e.g., via DNS, hosts file, or gateway), and must trust the HTTPS certificate used by the phishery server. Without certificate trust, the victim may see a security warning; if they proceed, the authentication prompt appears. The attacker can use a legitimate CA-signed certificate, a trusted certificate, or have the victim manually install a self-signed certificate. The domain name should mimic a legitimate resource to increase deception.