hi there jack
actually phishing is not a hacking process, it is more like "lying the dummies"
you see,for exemple when you log into your facebook account (it might be any other page yahoo, msn, gmail whatever etc) you use your email and pass.
but some "friend of yours " is sneaky, so he sends you a link, and says "hey check this out" or sth tempting
you click on the link and a new tab is opened, you see a facebook login page. you login by inserting your email and pass (without knowing that that page is fake, if you look at the link , it is not facebook.com, it might be any other host)
of course you log in and it looks everything normal
but you didn't know that the fake page actually had some malicious script in it, the page was created to redirect you at facebook.com after a while, and at that exact moment that you pressed login the script sends all the input at some hidden link.
after you logged in, your friend is pleased, he has all your details in plain text.
from then he can login into your account and god knows what he can do (depending on your account security level)