With the advent of new attacking methodologies and types of attacks, it has become difficult to protect the systems. Therefore, it is necessary to decipher the impact of attacks before and after its occurrence to provide better security. It is hard to speculate future attacks, without understanding the network vulnerability and therefore, it is important to examine the network for identifying potential vulnerabilities using attack modeling. Phishing attacks is one of the prominent network attacks that pose continual threat to the network and organization. This article presents and discusses in brief attack modeling techniques that can be applied for risk assessment. The paper presents in detail modeling of phishing attack using attack graphs, cyber kill chain, diamond model, security incident response matrix, and data description model. Moreover, the article also discusses role of network defenders and system engineers in assessing risk and how attack models can be helpful to them for modeling attacks. The review presented in this paper can serve as a platform for researchers in the field of network security and risk assessment for developing effective and secure network environment.