From the Wikipedia definition:
Phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message).
It's derived from the obvious "fishing", in that emails are sent as bait in the hope that someone will bite and be caught.
The "ph" part is a common hackerism, replacing f's with ph's. See the Jargon File for more information.
Because of the way web browsers work, the text that appears as a clickable link is not actually tied to where the link goes. This is so that you can create links like this one, which can have any text you want in them. Unfortunately, it also means you can create links like this one: "http://www.paypal.com". Naively, it looks like it should go to the PayPal site, but it actually goes to our FAQ page.
What phishers do is create a site that looks like the proper site but instead just collects your personal details, so they can steal them and use them later for their own purposes. Then they send out lots of emails pretending to be from the real site, using forged links like the one above to get you to click on one, and then try to steal your details.
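The mismatch between a link's visible text and its real destination can be checked mechanically. The following is an added example, not part of the original FAQ and not the service's own phishing protection: it flags anchors whose text looks like a hostname that differs from the host in `href`. The names `deceptive_links` and `LinkAuditor`, the placeholder `faq.example`, and the sample HTML are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or bare hostname, e.g. "www.paypal.com".
HOSTLIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#].*)?$", re.I)

def _bare(host):
    """Lowercase a hostname and drop a leading 'www.' so trivial variants compare equal."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (host shown in link text, host in href) pairs that disagree."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        m = HOSTLIKE.match("".join(self.text).strip())
        shown = _bare(m.group(1)) if m else ""
        actual = _bare(urlsplit(self.href).hostname)
        # Assumption: a subdomain of the shown host is accepted; no Public Suffix List.
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            self.findings.append((shown, actual))
        self.href = None

def deceptive_links(html):
    """Return the list of (shown_host, actual_host) mismatches found in an HTML body."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample mirroring the two links described above; faq.example is a placeholder.
SAMPLE = (
    '<p>Links like <a href="https://faq.example/phishing">this one</a> are fine.</p>'
    '<p>Log in at <a href="https://faq.example/phishing">http://www.paypal.com</a></p>'
    '<p>Genuine: <a href="https://www.paypal.com/signin">paypal.com</a></p>'
)
```

Ordinary link text such as "this one" is ignored because it makes no claim about a destination; only text that names a host is compared against the `href`.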
Like most spammers, they either build up lists by scanning websites, mailing lists, etc., or they just try lots of random email addresses, hoping to get lucky.
Yes. Just go to the Options screen, then the Account Preferences screen and uncheck the Phishing Protection checkbox.
There are many good links to external sources about phishing. Here are just a few: