Just have to comment on paying attention to the domains you receive eMail from.
Got an eMail reminding me 'to confirm your account' on a site I never heard of.
The domain was "@zainiraq.net"
Ya, like that's a safe site, .....NOT.
You need to pay close attention to eMail domains when the eMail looks suspicious or from a site you never heard of.
Suspicious eMail may even claim to be from a site you do deal with. I and an eMail that claimed to be from AARP but the text didn't look right, it was from a domain ending in ".top"
If you get eMail that does look like it's from a site you deal with but has a link to update you account info, DO NOT use the link in the eMail. If you deal with the site, you should have it bookmarked in your browser, use that to access the site. Also, many sites will have a Support contact, you should copy the eMail and Headers, and paste that into their message system so they know someone is trying to spoof them.
All suspicious eMail domains should be added to your SPAM filter. In my case, my eMail provider has a very good system for that. Then your eMail client should also have a way to filter eMail domains.