A phishing scam is when cyber criminals create and send emails that appear to be from legitimate companies so you are tricked into opening the content of the email. The content can often contain computer viruses or will steal your login details by opening a link to a page you think is legitimate.
Most of the time you need to open an attachment before the malicious content is activated, just receiving the email isn’t enough.
Xero have produced a helpful blog post on how to avoid being phished, which you can read here.
Generally speaking if you have any doubt about the content of an email then you should report is as phishing and then delete it without clicking on any links or attachments.