Avoiding the hook
Always pay attention to links ("think before you link") before you click. Hover your mouse over links to see where they are really taking you, before clicking. Carefully observe the domain in the link. Remember, "validbank.com" is different from "validbank.com.accounts.com". Never give out a credit card number on an unsolicited request. Always ensure SSL (HTTPS) secure transactions are enabled when making any transaction online (look for the lock icon in your browser). If the browser claims the certificate is not valid, hold off until you verify with security experts. Finally, do a search to see if others have spotted any suspicious activity on the subject line/content of the message. Fortinet's FortiGuard blog is a great place to start.
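The domain check described above (is the link really on validbank.com, or on a lookalike such as validbank.com.accounts.com?) is easy to get wrong with a substring match. The following is an added example, not code from the original article: it parses the link with Python's standard library, requires HTTPS as the article recommends, and accepts a host only if it is exactly a trusted domain or a subdomain of one on a label boundary. The allowlist and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains the user actually holds accounts with.
# "validbank.com" is the article's own placeholder bank name.
TRUSTED_DOMAINS = {"validbank.com"}


def link_host(url: str) -> str:
    """Return the lower-cased hostname of a URL ("" if it has none).

    Only the host part matters: the path can say anything it likes.
    """
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def check_link(url: str, trusted=TRUSTED_DOMAINS):
    """Classify a link the way a careful reader should before clicking.

    Returns (ok, reason). A link is ok only if it uses HTTPS and its host is a
    trusted domain or a subdomain of one. The comparison is done on whole DNS
    labels (host == domain or host ends with "." + domain), so
    "validbank.com.accounts.com" is rejected: its registrable domain is
    accounts.com, and "validbank.com" is merely a prefix of the host.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False, "not an HTTPS link"
    host = link_host(url)
    if not host:
        return False, "no hostname in link"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, f"host {host} belongs to trusted domain {domain}"
    return False, f"host {host} is not a trusted domain or a subdomain of one"


def is_trusted_link(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """Boolean convenience wrapper around check_link()."""
    return check_link(url, trusted)[0]


if __name__ == "__main__":
    # Constructed sample links illustrating the article's own comparison.
    for sample in (
        "https://validbank.com/login",
        "https://accounts.validbank.com/login",
        "https://validbank.com.accounts.com/login",
        "http://validbank.com/login",
    ):
        ok, reason = check_link(sample)
        print(f"{'OK     ' if ok else 'SUSPECT'} {sample}: {reason}")
```

The same check can be applied to the link text shown in an e-mail versus the actual href: if the two resolve to different hosts, that alone is a reason to hold off.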
Attackers may obtain kits to deploy on Web servers to make their phish seem legitimate. These kits often contain pre-supplied templates for popular banks and social networking sites. After a victim is hooked, they will be brought to the attacker-controlled Website and presented with the proper template (i.e. HTML code and graphics that mirror www.validbank.com's setup). Of course, when the victim enters their credentials, they are sent to the phisher's Website and collected by the phishing kit.
As with most crimeware (software tools used for criminal purposes), hundreds of phishing kits exist today. One of the most popular is the Rock Phish kit. There are also advanced phishing components in botnets such as Zeus and SpyEye. These use a technique known as form injection. In this case, the user's machine is already compromised (even if they log in to validbank's real site, their credentials will be sent to the attacker regardless).
However, the attacker will extract further information by injecting fields into a banking session while the victim is logging in. For example, they will supply an additional field to obtain a driver's licence number or mother's maiden name. These credentials are then leveraged down the road, typically for identity fraud.
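Form injection adds fields to a page the browser renders from the bank's genuine response, so the server-side baseline of a login form is the thing to compare against. The following is an added example, not code from the original article or from any of the named kits or botnets: it parses the HTML of a login form with Python's standard library, collects the user-entered field names, and reports any field that is not in the expected baseline. The two form snippets and the field names are constructed for illustration; the article names a driver's licence number and mother's maiden name as the kind of extra data an injected field asks for.

```python
from html.parser import HTMLParser


class _FormFieldCollector(HTMLParser):
    """Collect the name of every user-entered field (<input>, <select>, <textarea>)."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        attributes = dict(attrs)
        # Buttons and hidden values (e.g. a CSRF token) are not typed in by the user.
        if (attributes.get("type") or "").lower() in ("hidden", "submit", "button"):
            return
        name = attributes.get("name")
        if name:
            self.fields.append(name.lower())


def form_fields(html: str) -> list:
    """Return the user-entered field names found in an HTML fragment, in order."""
    parser = _FormFieldCollector()
    parser.feed(html)
    return parser.fields


# Constructed baseline: the fields the bank's real login form is known to have.
EXPECTED_LOGIN_FIELDS = {"username", "password"}


def unexpected_fields(html: str, expected=EXPECTED_LOGIN_FIELDS) -> set:
    """Fields present in the rendered form that the baseline does not contain."""
    return set(form_fields(html)) - expected


# Constructed sample: the login form as the bank serves it.
BASELINE_LOGIN_HTML = """
<form action="/login" method="post">
  <input type="hidden" name="csrf" value="abc">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" name="go" value="Log in">
</form>
"""

# Constructed sample: the same form as seen in a browser on a compromised
# machine, with two extra fields of the kind the article describes.
INJECTED_LOGIN_HTML = """
<form action="/login" method="post">
  <input type="hidden" name="csrf" value="abc">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="drivers_licence">
  <input type="text" name="mothers_maiden_name">
  <input type="submit" name="go" value="Log in">
</form>
"""


if __name__ == "__main__":
    for label, html in (("baseline", BASELINE_LOGIN_HTML), ("rendered", INJECTED_LOGIN_HTML)):
        extra = unexpected_fields(html)
        print(f"{label}: {'no unexpected fields' if not extra else 'UNEXPECTED ' + str(sorted(extra))}")
```

A bank's security team can apply this to DOM snapshots reported by its own page scripts or by users' screenshots, comparing against the form it actually served; a field the server never sent is a strong signal that the client, not the site, is compromised.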
Common phishing kits can be detected by using anti-virus and Web filtering applications. Generic anti-virus detection can help detect a kit no matter what Web server it is deployed on. Web filtering can guard against phishing Web servers, even if they are changing code/templates to avoid detection. Kits can redirect you to the original site after hooking your information, so it's not good practice to assume that since you can log in successfully, nothing malicious has occurred.