What is “Phishing”?

In: Security

18 Apr 2009

It is like fishing in the sense that criminals send out mass emails as “bait”, hoping someone bites. The bait is an e-mail falsely claiming to be from a legitimate organization like a bank, credit card company, online payment service, or any service, company or website they think people will trust, in an attempt to trick people into giving up private information that can be used for identity theft, theft from your bank or online account, etc.

The e-mail will direct the unsuspecting person to visit a Web site where they are asked to update personal information, such as user names, passwords, credit card information, and bank account numbers, which the legitimate organization already has.
This Web site, however, is spoofed and was set up only to steal information.

Link manipulation/spoofing
Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers. Another common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the spoofed site.

Website forgery/spoofing
Some phishing scams use JavaScript to alter the address bar to make it seem legitimate. This is done by placing a picture of the legitimate company’s URL over the address bar, or by closing the original address bar and opening a new one containing the legitimate URL.
In another method of phishing that is quite popular, an attacker uses a trusted website’s own scripts against the victim. These types of attacks (cross-site scripting) are particularly nasty, because they direct the user to sign in at their bank or service’s own web page, where everything from the web address to the security certificates appears correct. This attack is very hard to spot, as it is the link to the website that is crafted to carry out the attack.

Damage caused by phishing – The damage ranges from loss of access to email and other online accounts to loss of money, investments, etc. Phishing is becoming more popular because of the number of unsuspecting people who are easily tricked into divulging information to phishers. The collected information includes credit card numbers, social security numbers, and mothers’ maiden names. It is also possible that identity thieves can add more information to what they have gained through phishing simply by accessing public records. Once this information is acquired, the phishers may use a person’s details to create fake accounts in a victim’s name, ruin a victim’s credit, or even prevent victims from accessing their own accounts. As you can surmise, the result can be a destroyed life. That is why it is extremely important that everyone learns to recognize phishing and avoid being caught.
