These days security is not an option. If you don't follow at lease basic security you are likely to pay the price. The main security tool is your eyes. If a link seems to come from a trusted source, check carefully - names are often misspelt. If it's not from a known source, is it at least reasonable? Spammers are getting getter craftier - even their spelling is improving - although, given the poor spelling of many these days, that's not a reliable indicator.
However, another tool is passwords. Unless you only use a handful of sites, you probably use the same password for them. That is dangerous. Not only should you have different passwords for each site, but they should also each be long. BUT no-one (well no normal person) can remember these. That's where password managers come in.
The one I've been using for years is LastPass - the last password I'll ever need. Actually, that's not quite true - there are programs that aren't on the internet so won't benefit, but LastPass greatly simplifies life. Note it has recently required a commercial licence if you use it on both computers and phones. An alternative I quite like is KeePass. My reason for this is it is open-source - a software model which offers alternatives to the commercial players. I've stayed with LastPass because they've stopped charging to use it on phones and tablets, and it's become part of my system.
Another alternative is to access systems through another system. I use RealMe to access the Companies Office and WINZ. However, I often see sites allowing you to log in via Facebook (chief but not the only option). Recently more security breaches (often of unimaginable sizes) have come to light including Facebook and Google. I don't recommend this option.