Phishing is the practice of tricking a user into using malicious software that is designed to look legitimate. The malicious site may try to harvest credentials, or trick a user into downloading a tampered version of key software. For example, if you are tricked into logging into a malicious website at c0inbase.com, the attacker can then use your username and password to access your Coinbase account.
Phishing is a common practice. Users of desktop wallets like Electrum were attacked with a false upgrade notice, tricking them into downloading a version of the software that steals their Bitcoin.
Watch carefully for HTTPS warnings on cryptocurrency sites.
Always check the URL on cryptocurrency sites.
Use a multi-signature wallet, which would require the user to be tricked multiple times before fund theft is possible.
Use a sovereign key storage system that avoids single points of failure.