There are various phishing techniques used by attackers:
Installing a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information. Spoofing the sender address in an email to appear as a reputable source and request sensitive information.