Typically, phishing (from "password fishing") scams involve an email alerting the user to a problem with their bank or some web site account. The user is led to a page that mimics the secure and trusted site exactly, but is hosted by the scammer. User names and passwords entered on a phishing site are captured.
How to Avoid Phishing Scams
To avoid falling for phishing attacks, always type banking, shopping, auction and similar site's address into your browser's address bar manually. Make sure you use a secure HTTPS connection (indicated by "https://") when entering user names and passwords, and that the associated certificate is valid.