The criminals start by acquiring account information, either by placing keystroke loggers on a desktop or by deploying sniffer programs on the network or by using traditional phishing campaigns, which entice the victim to volunteer personal data.
FORBES: Cybercriminals Phone It In