The governmental use of Web technologies, including e-Government, has many advantages for citizens, but progress in this relationship has highlighted information security as an important issue in preserving a citizen’s privacy. Unfortunately, unique governmental characteristics lead users to authenticate its service unwillingly; users may investigate service’s possible and likely vulnerabilities carelessly when perceiving trustworthiness. In this paper, we study a threat model about how government Web services become privacy leak targets, especially through phishing attacks. We identify three service characteristics, sensitivity, involuntarity, and linkability, and illustrate how phishers can effectively exploit these characteristics. Furthermore, we conducted a real phishing attack experiment, hijacking a government-certified commercial service in South Korea to complete our investigation. Finally, we propose mitigation strategies for building a trustworthy government Web service against phishing attacks.