Many network attacks actually involve social engineering rather than any particular technological prowess. Social attacks involve talking people into giving you what you want, rather than taking it by force. One of the most famous hackers of all time, Kevin Mitnick, claimed that he broke into computers solely with the passwords and codes he gathered through social engineering, rather than with software.
One of the best-known examples of scammers trying to talk you into giving up your private information is the 419 scam, named after the relevant section of the Nigerian penal code. The scammer informs you that he needs help transferring money out of the country, and offers you a percentage if he can use your bank account to hold the money. Amazingly, this scam has been working since before email became popular (when they would actually run it by post!). It actually dates to at least the 1920s!
Phishing, on the other hand, is closer to the traditional social engineering used by hackers like Mitnick. It involves convincing the user that he's talking to a trusted party, and then using this disguise to trick the user into turning over his information. Common examples are emails claiming to be from banks or from major websites, such as eBay and Amazon. Generally the gist of the emails is that there's a problem with your account and you need to log in immediately. On clicking the cloaked link, you find yourself on a fake site where, if you're foolish enough to enter your account information, the scammers will have themselves another victim.
The question, then, is how do we automatically detect phishing sites? While some are fairly obvious (major banks are NOT going to send you emails full of spelling errors), others look quite genuine. While the simple solution is to always type such links directly into the address bar rather than clicking them, finding a technological solution is always easier than changing human nature.
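One heuristic for the cloaked links described above, as an added example that is not from the original article: flag any anchor whose visible text names one site while its href points to another. The sample message, the reserved `.example`/`.test` hostnames and the two-label `site` comparison are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or bare hostname.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]|$)", re.I)

def site(host):
    # Assumption: the last two labels identify the site (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAuditor(HTMLParser):
    """Collects (shown_text, real_host) for anchors whose text names another site."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        target = urlsplit(self._href).hostname or ""
        claimed = HOSTLIKE.match(shown)
        # Only text that claims a destination can contradict the real one.
        if claimed and target and site(claimed.group(1)) != site(target):
            self.findings.append((shown, target))
        self._href = None

def cloaked_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message body; hostnames use reserved .example/.test names.
SAMPLE = """
<p>There is a problem with your account. Log in immediately:</p>
<a href="http://bank.example.login-check.test/login">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>
<a href="https://news.bank.example/">Read our newsletter</a>
"""

if __name__ == "__main__":
    for shown, target in cloaked_links(SAMPLE):
        print(f"text shows {shown!r} but link goes to {target}")
```

Links with generic text such as "Read our newsletter" claim no destination and are skipped, so this check is one signal among several rather than a complete phishing detector.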