I've worked 4 years as a security analyst for a trading company. Always use all security measurements available (2FA, Whitelists, IP protection, etc) and don't misspell the url, lots of trouble with that, full of phishing websites