When an attacker sends an email or link that looks innocent, but is actually malicious, it’s called phishing. Phishing attacks are a common way that users get infected with malware—programs that hide on your computer and can be used to remotely control it, steal information, or spy on you.
In a phishing email, the attacker may encourage you to click on or open a link or an attachment that may contain malware. Phishing can also occur via Internet chat. It’s important to double-check links that are sent to you via email or chat.
Web addresses in emails can be deceptive. Web addresses in mail may appear to say one thing, but if you mouse over them to see where they really point, they might show another destination address.
source : https://ssd.eff.org/en/module/how-avoid-phishing-attacks