The first thing you need to know about Rock Phish is that nobody knows exactly who, or what, they are. Wikipedia defines the Rock Phish Kit as "a popular tool designed to help nontechnical people create and carry out phishing attacks," but according to security experts, that definition is not correct. They say that Rock Phish is actually a person, or perhaps a group of people, responsible for as much as one-half of the phishing attacks being carried out these days.
Why should you care? Phishers try to trick Internet users into divulging sensitive information on phony Web pages made up to look like a bank site or an online shopping site. It"s a type of attack that is becoming very lucrative. Research firm Gartner estimates that phishers will cost U.S. businesses and consumers a whopping $2.8 billion this year. The average take: $1244 per victim. No one can say for sure where Rock Phish is based, or whether the group operates out of a single country.