Often criminals operate phishing scams to steal personal information, such as usernames, passwords, addresses, credit card information, and ultimately money by disguising themselves as a trustworthy entity. Criminals often lure victims to fake websites by electronic correspondence seemingly from financial institutions, social websites, auction websites, online payment processors, or IT administrators. Victims may receive emails with links to fake webpages, which appear to be authentic. These fake webpages typically request the victim to verify information by entering personal information into various information requests on the website. In this way, the user will believe that a legitimate source requested this information, and the user will enter the requested information onto the fake webpage. The criminal can then steal this information and can, for example, access the user's credit card and steal money from the victim.
Phishing kits are often freely available on the internet and are easy to set up and deploy. Phish kit files are generally located on free file hosts on the internet that are freely accessible to any user, such that anyone with internet access can easily obtain the kit files and launch a phishing website. These files typically contain the necessary tools to deploy a phishing site, such as HTML, PHP, cascading style sheets, java script, and accompanying images. Unfortunately, this also means that amateur phishers and would-be criminals have easy access to phishing kits. Once the would-be criminal has access to these files, it is very easy to implement the phishing website as the would-be criminal can simply extract the files and launch the phishing website.