Phishing attack typically start with an e-mail which is asked to click on a link. Recipients click that which appears to be a genuine website, where they give their personal details.