The concept is simple. You get an email that looks official and tells you to click a link to resolve an issue with your account. You click the link and enter your credentials. You might even be redirected to the site to look at your account. However, once you have entered your credentials, they have got you.
First, use a password manager. A password manager will not enter your credentials on a false website. So if the email claims to be from PayPal, and the URL is https://paypal.2.com (just an example), your password manager will not enter your PayPal credentials on the website of 2.com. Next, if the email claims there is an issue, open your web browser and type the URL of the company with the “issue” into the address bar. So in the above example, open the browser and type https://paypal.com/. Do not click any links in suspect emails.
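Why the password manager stays silent on the link above, shown as an added example (not code from any real password manager). The vault entry and the matching rule are simplified assumptions; real managers differ in detail.

```javascript
// Added example: simplified model of password-manager autofill matching.
// The vault entry and the matching rule are assumptions for illustration;
// real managers differ in detail (many use the Public Suffix List).
const vault = [
  { site: "paypal.com", username: "alice@example.org" }, // constructed entry
];

// What a hurried reader effectively does: spot the brand name in the link.
function looksRightToAHuman(link) {
  return link.toLowerCase().includes("paypal");
}

// What the manager does: parse the URL and compare the actual hostname
// against the site the credential was saved for.
function entriesForUrl(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return []; // unparseable link: offer nothing
  }
  if (url.protocol !== "https:") return []; // do not fill over plain HTTP
  const host = url.hostname.toLowerCase();
  // Match the saved site exactly, or a subdomain of it at a dot boundary.
  return vault.filter((e) => host === e.site || host.endsWith("." + e.site));
}

// Compare the two judgements for one link.
function report(link) {
  return {
    link,
    humanSeesBrand: looksRightToAHuman(link),
    managerOffersFill: entriesForUrl(link).length > 0,
  };
}

const samples = [
  "https://paypal.com/",
  "https://www.paypal.com/signin",
  "https://paypal.2.com", // the example link from the text above
  "http://paypal.com/",
];
for (const s of samples) console.log(report(s));
```

For https://paypal.2.com the brand name is present but the hostname belongs to 2.com, so no saved entry matches and nothing is offered for autofill.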