The easiest way for a cybercriminal to steal confidential data is by stealing employee login credentials.ie. user name and password. Cybercriminals get unsuspecting employees to reveal their login credentials to corporate email accounts and other important applications by posing as a trustworthy entity. This practice is known as “phishing”. For example, criminals might send emails that look as if they came from a sender you recognize and trust. Usually the tone of message suggests that something is wrong with your account and provides a link for you to click on in order rectify the problem. Clicking this link takes you to a form that prompts you to verify your login credentials. An unsuspecting employee provides this information without realizing that he/she has just provided this information to a cybercriminal who can then access and steal sensitive personal and corporate data.
Here is an example of what a phishing scam in an email message might look like (Microsoft Security Center- http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx )