With the recently discovered “plug and play” phishing kit, a relatively “non-technical” person with the right information could launch a phishing attack against any financial institution. No technical expertise is needed by the phisher, and it is far less risky as the remote host is only accessed once,” said Marc Gaffan, director of marketing with RSA’s consumer solutions group. The new “plug-and-play” phishing kit reduces the time and effort required of the fraudster by automating the site installation process. The “kit” is a single PHP code file, which is run on the compromised server once, and automatically creates the relevant directories and installs all of the files which are associated with the specific phishing site.