How Phishing Works
According to Wikipedia, "Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users."
How does phishing work? Most commonly, spam emails are sent out purporting to be from, say, a well-known bank, informing the recipient that he or she needs to log in to their account and change their password. The email contains a link which appears to lead to the bank's website but actually leads to a mocked-up copy of it. When the user enters his or her details on that page, the information is in the hands of the phishers, and they have everything they need to access that person's bank account.
These scams are not at all easy to spot (SonicWALL's Phishing IQ Test will give you an idea of just how difficult they can be to detect). Links in HTML emails can easily be made to appear to lead somewhere other than their real destination (for example, a link in this article whose visible text reads www.google.com actually leads to Bright Hub), and the mocked-up websites to which the links lead can appear almost identical to the real ones.
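As an added example (not part of the original article), here is a small Python check for the link trick described above: it collects the anchors in an HTML email body and flags any whose visible text looks like a web address on a different domain from the real href. The sample email body and the "looks like a URL" heuristic are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible anchor text a reader would take for a web address (constructed heuristic).
_LOOKS_LIKE_URL = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None   # href of the anchor currently open, or None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase hostname of a URL or bare host such as www.google.com, else None."""
    if "://" not in value:
        value = "http://" + value
    host = urlparse(value).hostname
    return host.lower() if host else None


def base_domain(host):
    """Crude registrable-domain approximation: the last two labels of the host."""
    return ".".join(host.split(".")[-2:])


def find_deceptive_links(html):
    """Return (visible_text, href) for anchors whose displayed address does not
    match the domain the link really points to."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for href, text in parser.anchors:
        if not _LOOKS_LIKE_URL.match(text):
            continue                      # "click here" etc. carry no address claim
        shown, real = host_of(text), host_of(href)
        if shown and real and base_domain(shown) != base_domain(real):
            flagged.append((text, href))
    return flagged


# Constructed sample email body: one deceptive link, one honest link, one plain link.
SAMPLE_EMAIL = (
    '<p>Please log in at <a href="http://login-verify.example.net/acct">www.google.com</a> '
    'now, or visit <a href="https://www.google.com/">www.google.com</a> and '
    '<a href="https://bank.example.com/">click here</a>.</p>'
)
```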