Steemit being an open source make it easy to clone. I'd say always look at the address bar, check the 'green' certificate mark and never ever enter your password/key after clicking on redirect link. Bookmark the page or type the address yourself and login this way!