One of the simplest, most effective antiphishing practices you can do is never click on a link to go to a secured site. 95% of that refers to clicking on links emailed to you. Most banks now say "go to your browser and type 'bankname.com' to view your statment" Several months ago I got an email with a clickable link from my bank to sign up for some additional free service. I called them up and they said they'd gotten numerous complaints from other bank customers and it was their bad and would not be repeated.
The other 5% (on mac, 85% on windows) is never click on a link on a web page that says you have a problem and click here to fix it.
