Phishing is just one way an account can be compromised.
There are a limited number of ways anyone can gain access to your account:
-you give out your personal information including e-mail and password (this is most commonly associated with people trying to obtain an illigitimate rank in a game without actually earning it)
-you are phished (this is common amongst the free ms points/generators that you see offered around the internet)
-you are socially engineered (this happens when a player engages another in seemingly senseless chit chat about their lives, but turns out to be a 20 question
session trying to gain your personal information so they can steal your account)
-you use an unsecure PC (typically you will want to have your encryption turned on if using wireless and be running a good anti-virus, anti-spyware, anti-
malware program as well)
-you use the same e-mail address and password for your XBL account that you use for other websites/services (for maximum security you should be using an
e-mail address and password just for XBL that you do not use anywhere else)
-you thought it would be a good idea if your friends/family knew your log in information (you know, in case they want to play)
In addtition to the above the following are ways someone can get a hold of your credit/debit information:
-if you don't shred your mail (bank/credit statements) before you bin them.
-if you shop online using an unsecure PC.
-an online website that you use has been compromised, such as the Sony website.
-your bank/credit institution security is compromised (happened a few years ago to several banks)