Criminals send out emails that look official like they're from ebay or your bank, requesting you update some information or something like that. You click the link in the email, but it sends you to the criminals' website and they get all your private info. It's nothing new, but it's becoming more common.
Some versions of Internet Explorer can be exploited by address bar spoofing when you click on a link in an email. This means the address you see in the address bar isn't really the site you're on. Pretty scary, huh?
There's two ways to avoid this problem. First, make sure you have all the security updates for IE, and pay close attention to the address bar when you're giving up sensitive information.
Second, if you're not 100% confident about a link in an email, do not click it. Instead, bring up a browser and type the link into the address bar by hand.
Always be suspicious of addresses that have @ signs in them. Everything preceeding the @ in a URL can be ignored. So if I told you to visit http://email@example.com/~jarrett/ it might look all official, but that's actually a link to my LiveJournal.
Trust no one.