Phishing comes in mind if you want access to another account, but you aren’t able to bypass the login (e.g. SQL-Injection) or to find out the password fast enough (e.g. Brute-Force).
If you have a special account of interest you just need to know the email, which is sometimes already used as the username. If you want to get access to multiple accounts instead you can use an email list you gathered online.
The next step is to fake an email with a matching layout/style and addressor. The text of the email should create a task where the user want’s to press on an added link. That link should be quite close to the real url, but brings the user to your created website.
The website itself should also look like the original one. As soon as the user has entered the username and the password you save them into a text file or a database. Afterwards you should forward the user to a website where he/she can do for what they came for.
The most important thing is that the user isn’t getting suspicious at all.
Example for PayPal
1. Email
If the user wants to know it’s account statement he/she will follow the link to your website.
2. Website
After the user entered his/her credentials save them into a database. Then login the user into the original website and forward him/her to that site.