Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.
Phishers often set up their fraudulent sites using ready-made “phish kits” — collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a “backdoor” that allows them to get back into the site at any time.
(Source: Krebs on Security)
Krebs on Security