Not having an account for every single damn website + only login from websites you actually entered without following a link goes a long way to avoid that.

Sure there may be existence of typosquatting here and there but they tend to be much easier to spot vs the phising url using unicode variants.