"A phishing kit targeting the Bank of America contains an interesting insight into the intellectual hierarchy involved in Internet fraud. At first glance, the phishing kit looks attractive to any fraudster – it is straightforward to deploy on any web server that supports PHP, and a single configuration file makes it easy to specify an electronic mail address to receive captured financial details. In addition to requesting the credit card numbers and bank account details, a second form on the phishing site asks for the victim’s SiteKey challenge questions and answers, which can help a fraudster gain access to the victim’s Internet banking facilities.
However, while the phishing kit is easy to use, an encrypted component within the kit is used to send a copy of the captured details to an additional Gmail address, which belongs to the author. This will not be obvious to most fraudsters using the kit, as the relevant code is detached from the configuration file and is heavily obfuscated, requiring some effort to decode." Netcraft: Phishing kits take advantage of novice fraudsters