You get an e-mail from your IT department that tells you they're doing maintenance on the e-mail server and they need you to log on to the system to re-verify your credentials. You click on the handy link, see your familiar logon screen, and enter your credentials. Only later do you realize that the site to which you gave your credentials wasn't run by your IT department at all. Someone, quite possibly a criminal, now has your credentials, and you have to hope you can get them changed before the criminal has a chance to use them.
Sound far-fetched? Think you'd never fall for such a scam? Meet Brad DeLong, professor of economics at UC Berkeley and deputy assistant secretary of the U.S. Treasury during the Clinton administration. The scenario I described is roughly what happened to him, as he describes in a blog post entitled "Phishers 1, DeLong 0."
You have been warned!