depends there alot of factors:
is the victim on net or local?
on net: send a phishing letter with a url to you phishing site and cross you fingers to get luck
if on you local city/job or at public network you can sniff packets to get information and passwords