Welcome. Just pretend this is someone's profile on, say, Twitter. You click on the website they posted on their profile. Nothing appears to happen. You think, "Whatever, must've been a twitter bug or something". Little did you know, the website you clicked on contained code to exploit window.opener and redirect the original twitter page to the attacker's phishing twitter login page.

Now click here to visit my totally not malicious site!