The phishing-as-a-service kit from Sneaky Log creates fake authentication pages to farm account information, including two-factor security codes.