In phishing attack typically attackers send messages masqerading as trusted person / entity. Phishing attack is typically used to steal user data like login credentials and credit card numbers. The message (for intance email message) can trick the user into opening a malicious link which can lead to

• installatin of malware
• takes the user to attacker's webiste
  •  attackers make sure that link inside message closely resembles their genuine counterparts with a misspelled domain name or extra subdomains
  • the attackers webiste will appear exactly like orignial website.
  • if the user enters his credentials on attacker's website then the attacker would have succesfully stolen the password.
• the url in message may take genuine  website, but it may have an executable scipt as one of the request parameter which would lead to xss attack.

How to prevent phishing attack

• 2FA is the most effective method of contering phising attack.