These days, security is not an option. If you don't follow at least basic security, you are likely to pay the price. The main security tool is your eyes. If a link seems to come from a trusted source, check carefully - names are often misspelt. If it's not from a known source, is it at least reasonable? Spammers are getting getter craftier - even their spelling is improving - although, given the poor spelling of many these days, that's not a reliable indicator.
However, another tool is passwords. Unless you only use a handful of sites, you probably use the same password for them. That is dangerous. Not only should you have different passwords for each site, but they should also each be long. BUT no one (well, no normal person) can remember these. That's where password managers come in.
The one I've been using for years is KeePass 2. Actually, that's not quite true - some programs aren't on the internet, so they won't benefit, but KeePass greatly simplifies life. It is open-source - a software model that offers alternatives to the commercial players.
Another alternative is to access systems through another system. I use RealMe to access the Companies Office and WINZ. However, I often see sites allowing you to log in via Facebook (chief but not the only such option). Recently, more security breaches (often of unimaginable sizes) have come to light, including Facebook and Google. I don't recommend this option.