Phishing is when a spammer sends a legitimate looking email that lures naive readers into entering credit card numbers, bank accounts, and other personal details on an equally legitimate looking site, handing sensitive data directly over to the hackers.
To avoid being hooked on such a scam, be careful of any emails that ask you to log in and update information. Or, you can simply type the actual address of the institution, be it your bank, or paypal, or whatever, into the address bar of a browser window, as this will certainly take you to the REAL site.
How do these phishermen send these emails and put up fake pages in the first place? By hacking into exploitable websites. Please make sure all of your carts, forum scripts, photo galleries, blogs, mail forms... every script, especially any that allow uploads, are up-to-date and properly secured. If you're not using a script, remove it or disable it by setting permissions to 000. If you suspect your site is being exploited, please contact us as soon as possible.