Phishing is an attempt to steal your data, usually by tricking you into believing the source (email, instant message, text, website, etc) is from a viable source (even a source that you explicitly trust such as a boss or a friend) and then having you send them data or otherwise engage with a link/file that will collect your data.
What kind of data? All sorts:
Phishing can be targeted or sent out more generally. Unlike versions of hacking where security breaches are used (such as passwords or network insecurities), this is more a form of "social engineering" type attack where people engage with you to try and get you to share using a varieties of tricks (identify theft; pleas for help; claims of security or other technical issues on your account; commands or instructions from a seeming authority; pretense of friendship; offers of employment; threats of damage if you do not respond; etc). Highly targeted phishing attempts can be hard to spot and might refer to you by name, include personal information, or take advantage of your online behaviors. Because of this, phishing attempts can be hard to spot and the damage caused by being successfully phished can be hard to quantify.
This advice largely comes from The University of Alabama in Huntsville's Office of Information Technology's page (and emails) about avoiding phishing and is used with permission. It has been summed up, slightly, expanded in a couple of places, and reworded. See their page for more information and greater details, including examples.
Clues that you are being phished:
All of these things could occur in perfectly legit emails (UAH uses third party apps so sometimes the from address is different, sometimes people are just in a hurry to send an email and type it on their phone instead of on their computer, a friend/coworker might have told someone else you were interested in a job) but using these signs can protect you quite often.
(from the OIT phishing page) Most importantly, never reply to suspicious emails, tweets, or posts with your personal or financial information. Also, don't fill out forms or sign-in screens that link from these messages. In fact, it is safest to not click any links from suspected phishing attempts.
What should you do if you have been phished or suspect you have? Again, see the OIT Phishing page for more information and helpful links (it was the source of some of the information below, including the graphic):
If you shared other information, such as your social security number or other personal information, it might be hard to rectify immediately. You will need to check your accounts regularly. There are services that can track things like new accounts in your name, you might want to try signing up for one of them.
Reporting the phishing attempt
(taken from the OIT page) Most email providers, including Gmail, allow you to report suspicious emails and phishing scams. To report phishing in your UAH Gmail account, from the Gmail web interface, select the arrow in the upper-right corner of the message and click "Report Phishing."
See also: