Great write-up! This type of education has to be repeated over and over again. Sorry for the large image banner, but I think it's useful enough to stand out for anyone viewing this post. Check out MetaCert's Cryptonite plugin. It takes a whitelist approach for cryptocurrency-related sites and can adjust in real time as things change (such as when MEW gets hacked).
The green shield lets you know not only if the site is legit (as in, it has a valid SSL certificate), but also if it is who it claims to be in the cryptocurrency space.
I would also highly recommend everyone use a password manager like 1Password or LastPass. Super important today. No one should "know" their passwords. They should all be generated and encrypted at rest until you need to use them.