Phishing does not only come in an email variety
Most are pretty familiar with e-mail phishing. You receive a message in your inbox that looks like it came from your bank, the government or even Princeton, asking you to supply your ID and password, your bank account number or any other piece of personal information for some sometimes plausible, sometimes not reason, e.g., the organization is checking their database records, etc. The message often looks official with organization logos and even the organization's style. Occasionally, the messages have pretty unprofessional appearance with misspellings, poor grammar, etc. But people respond.
Web sites can also phish in pop-up windows you may receive where the popup claims that it will provide interesting services, like cleaning up your PC, for just a little of your information.
Then, there is phone phishing where you receive a call from a bank or other organization asking you to provide your information to establish your identity (Didn't THEY just call YOU?)
The thing to keep in mind is that none of the above scenarios should be trusted. No organization will ask you to provide your personal information in an e-mail response. No organization will call you asking for your personal information. And unsolicited messages popping up in your browser should be ignored.
Click here for more in-depth information about the phishing threat and what you can do about it.