In computing, phishing (spoofing) is a form of social engineering characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message.
A hacker might pose as a staff member and send an instant message to a potential victim, asking the victim to reveal his or her password. To lure the victim into giving up sensitive information, the message might include text such as "verify your account" or "confirm billing information". Once the victim has submitted his or her password, the attacker can access the victim's account and use it for various criminal purposes.
In some cases the criminals place exploits for various Microsoft Internet Explorer vulnerabilities on phishing sites to install Trojans on users' computers.
Changing the real URL is known as spoofing (a kind of phishing that appeared at the end of 2003). In this case the attacked user sees the real bank site address in the browser address bar while actually being on a fraudulent site.