DISCLAIMER: The technique explained below is intended for educational purposes only. I'm not responsible for any unlawful actions resulting from an unduly use of such information.
Social Engineer Toolkit makes it very easy to steal user credentials to websites.
One of its features, called credential harvester, is a lot of fun.
You can create a clone of a very popular website, such as Facebook or Gmail, and then either send a link to it to your victims through a phishing email or convince the victims to click it by using social engineering techniques.