I think information like this is very important, especially to people who are new to technology.
Whenever you interact with ANY site that requires a password (social media, banking, steemit) make sure you type it in to your browser yourself (or use a bookmark from your own browser).
Also remember, facebook, your bank, and most other sites requiring a login will address you BY NAME they will never say "Dear user" or "Dear [email address]
Yes, you're absolutely correct! Many financial and fiat phishing attemps can be deciphered from legitimate emails from how they address the user. There is also a reason why spear phishing (targeting something or someone) is as effective as it is. By addressing the user by their name from other compromised sources, the attacker can gain a solid success rate. Always go right to the source! If for instance, paypal emails you, theres a good chance you can avoid the email all together and login directly and securely to their website.