Phishing is an email attack that contains links to a fake login panel. The BOGUS website will ask you to login with username and password. IF you login the username and password will go directly to the attacker.
How to protect from phishing
Email good practice
Check the sender, especially if you do not know who is writing to you.
Do not click automatically at any link in the email. Take the time to review it; you can use free tools like virus total to double-check if there is anything fishy behind.
In some cases, your friend or family member could also be hacked, and you receive a message from the Hacker/spammer itself. If the wording/topic is odd, contact the person directly and ask if he/ she sent such a message.
Web Best Practice
Check if the website is authentic. You can do that by looking at the certificate of the webpage in the browser.
Check if it uses https, but be careful this is just one indication. Many hacked or scams websites also use https if it is Http than there is a bigger chance that the site is fishy.
Compare links you received and the one you find after a web search.
Are there any discrepancies? Then there is a chance that the website is a phishing one.
Scan the website for Malware and lousy reputation with free tolls like virus total.