How it works is...
1) You spam victim(s) with the FAKE site link (make it attractive to click)
2) Victim clicks and it seems like they need to sign in
3) They sign in, you get password :)
The fake site is usually a subdomain. Like www.subdomain.domain.com
In action, it is like www.hotmail.fakedomain.com. Usually the 'fakedomain' is a short text.
So if you are brought to a sign in page, always check the URL. Make sure it is www.hotmail.com and not www.hotmail.fake.com :)
Hope you like it! XD