Sending a link to a malicious site and making a victim follow it is only half the battle for the phisher. The scammer then needs to get the required information. Trojans are often used for this purpose. Usually the following methods are used to infect a computer that has landed on a compromised (fake) website.
No action needs to be taken to get a system infected. It occurs automatically while visiting the website.
Software vulnerabilities cause software errors that can be used to infiltrate a network and interfere with its operation. Theoretically any error in the program code can be used to cause harm to the system.
Any software, including macOS and Linux, as well as e-banking system software, has vulnerabilities. But Windows and Android, in particular, have many vulnerabilities.
Software developers do their best to close vulnerabilities, especially critical ones, but sometimes virus writers find them before developers (it's a zero-day vulnerability that is still only known to virus writers or hasn't yet been closed by the software vendor).
The vast majority of today's "successful" Trojans penetrate the system via vulnerabilities, including zero-day vulnerabilities.
Today's malware in most cases remains unnoticed on computers. Sometimes an infection remains undetected until the malware starts operating. In this situation, the PC user does not know that their personal data and money have already been stolen by hackers.