@Palletack Password managers with browser add-ons resp. using mobile system's autofill can avoid the risk here as well. I recently got a really well made fishing mail claiming to come from my ISP, with a pretty similar URL and 1:1 copy of the start/login page, but then wondered why the autofill didn't work...