The Register has an article on a
plug and play phishing kit which automates the installation of a complete phishing site.
Handily it's a single file (PHP script) which handles the whole tedious business of creating the relevant directories and installing the various files you would need to run a specific phishing site.
In testing the RSA phishing lab found it took around two seconds to install. Very handy indeed for even the most inept perp. Couple this with an automated search for vulnerable systems and it's no wonder phishing is taking off.