Wait, why are we encouraging people to make phishing attacks?

Most phishing attacks seem to follow the same basic four steps: recon, development and deployment, initiating the attack, and collecting the results of the attack.

First, the attacker must identify, typically via OSINT (Open Source Intelligence Gathering), target email addresses. One common technique is to data mine social media sites like LinkedIn and Facebook. An awesome tool that can greatly aid in this is Recon-ng written by Tim Tomes.

Once the target acquisition had been completed, the attacker must decide on the type of attack: credential harvesting, malicious attachment, or so on. Whatever the decision, work must be done to create the credential-harvesting website, create the malicious attachment, etc.

Next, the attacker would design and send the phishing emails. This can be done by using a standard mail client or in a more automated manner via custom scripts.

Finally, there is the waiting. At this point, if all were done correctly, the attacker would wait to see if any of the sent emails resulted in a success, including captured credentials, remote access shells, etc.

While the simplified process presented above may seem fairly easy and straight forward, the actual execution of a phishing exercise can typically be a bit complex. Some great tools can be used to help simplify the process and assist in the deployment of phishing attacks ,such as the Social Engineering Toolkit by TrustedSec and PhishingFrenzy by Brandon McCann.

for good or for evil? 

Is there phishing for good?

some would say yes. http://phishme.com/

So... Self-phishing to identify my vulnerabilities before bad guys do? http://phish.net/faq/phood

gotta test the defenses

The best defense is a tested defense.