Phishing is a social engineering technique that attempts to acquire sensitive information, such as user names, passwords, and credit card information, from a human target. During a phishing attack, a human target receives a bogus e-mail disguised as an authentic e-mail from a trusted source, like a financial institution. The e-mail contains a link to open a fake web page that looks nearly identical to the official site. The style, logo, and images may appear exactly as they are on the real website. If the human target fills out the web form, you can collect the information as evidence.
When you run the campaign, Metasploit Pro creates a web server on your local system to host the web page. When a human target clicks on the tracking link and visits the web page, Metasploit Pro records the visit and any information that the human target submits through the web form.