Hello
First of all, as you say, there are phishing sites that copy identically the known sites (ISP, bank etc).
There are also other attacks like exploits, drive-by downloads or spam with attachments.
Exploit : A site that exploits security holes in targeted software (browser, Java, Flash, etc.) in order to install malicious software (Ransomware, Worm, Trojan, Botnet, etc.) without your consent.
To protect yourself: Update all your software and a strong antivirus.
Drive-by download : Site that will force you to install malware by exploiting ALL the flaws of the machine ! It is the most violent.
To protect yourself : Same as the exploit.
Spam : You receive an email with an attachment you don't know... Curious, you open it... but the damage is done!
Usually, a Word Macro is hidden in it to download a malware.
To protect yourself: Don't open or reply to any e-mail you don't know!