https://www.pcmag.com/article/364947/how-to-avoid-phishing-scams

The key to running a phishing scam is creating a replica of a secure website that’s good enough to fool most people. With the classiest fakes, every link goes to the real site. Well, every link except the one that submits your username and password to the perpetrators. As icing on the cake, the fraudsters may try to create a URL that looks at least a little bit legitimate. Instead of paypal.com, perhaps pyapal.com, or paypal.security.reset.com.

Some techniques detailed in article include:

1. Always avoid obvious fake sites
2. Verify website address in browser address bar
3. Ensure SSL lock is present
4. Be careful with source links from email & web searches
5. Implement Phishing tools & safeguards