According to Wikipedia,

"phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication"

In 2007 alone, 3.6 million adults lost $3.2 billion and the number today is much higher. Most phishing attacks are directed towards consumers, but with cyber crime and online industrial espionage, attacks against corporations are increasing. It just takes one employee to fall for a phishing attack before criminals can tap into your company's bank accounts or competitors have access to customer data or sensitive competitive information. And in the case of the latter, you may not ever notice that you have been phished.

Many technical solutions have been proposed to combat phishing, but none of them are fool proof. The only effective ways are educating users about how to detect phishing as well as eliminating passwords and this is where identity management providers can help.

If your users only have to remember one password, i.e. to their SSO portal, it will be easier for them to detect phishing attempts. Plus, if none of your users have a Salesforce password, they can't be tricked into entering it on a fake Salesforce login page.