Q: How can I avoid falling victim to online ‘phishing’ scams?
A: There are various possible ways to avoid phishing scammers. One is to sign up with a bank that bravely turns off everything useful when trouble comes near. This has the minor side-effect of not actually being an online banking service, but at least neither you nor anyone else will get their hands on your money.
Another way is never to directly follow any links in finance-related HTML emails, to report and delete emails if they appear suspicious (misspelt text, strange-looking corporate logos, not-very-secure requests, etc), and only ever to log into your bank via the standard login screen that appears when you type their homepage URL into the browser and click the "log in" link.
If you’re not confident you can make the ‘another way’ work, there’s also a very, very simple way to avoid phishing. Simply delete *any* email that purports to be from your bank, irrespective of the contents. Banks will never, ever tell you anything important by email alone – if it’s connected to their online service, they’ll display it on the online banking login page; if it isn’t, then they’ll write you a letter or call you.
The only reasons your bank will send you emails are for direct marketing (which you don’t need) and to remind you that your monthly statement is ready (which you’ll already know if you care about that sort of thing).