Phishing is a stealthy attack vector in which the attacker attempts to deceive the user into thinking they are interacting with a trusted source, when in reality they are interacting with the attacker. Phishing can present itself as an Email, a malicious link, SMS message, phone call, or any other communication method. The most common source of phishing is email with a link or attachment. The goal is to get the user to open the link or attachment, at which point the attacker can run malicious code on the users machine or prompt them for credentials for follow up attacks.
You can't really avoid phishing attacks, but you can avoid being phished by being careful with where you browse and not opening any attachments which you are not expecting.
The most recent attacks with phishing are related to the compromise of a 3rd party or co-worker and using that degree of trust to get other users to interact with malicious content. So if the email or other communication looks like it's coming from your friend or colleague but the language is not usual, there are typos, or something just feels off, give them a call on the phone to confirm they meant to send you this.