Brad Ideas: Crazy ideas, inventions, essays and links from Brad Templeton
easy phishing protection?
OK, I might not be typical, but despite doing lots and lots
of stuff online (including lots of financial transactions),
I've never had a problem.
Since I read email with a text-based reader (VMS MAIL, actually),
and occasionally read through spam emails, it seems that most
phishing attempts send HTML via email and hope that the reader
will follow the instructions (please update your account) and
as a result type a password, TAN or whatever into a bogus website.
Thus, if people would simply stop clicking on links in emails,
many phishing attempts would fail. (Does any real bank send any
emails like these anyway?)
If one doesn't type in URLs directly, but rather uses links in
one's own bookmark page or whatever, then the bankofthevvest
trick won't work. I have a page of such links running on a secure
web server which I can access from anywhere. Thus, at this stage,
I'm only vulnerable to DNS-spoofing, at least if I am accessing
the site from an internet cafe or wherever. (The connection to
the bank or whatever itself would be HTTPS, so that is probably
OK. The main danger is not sniffing the connection, but rather
being connected to somewhere one doesn't want to be which appears
to be somewhere one wants to be.) If I am accessing the site
from home (or from a browser running at home with the display
directed elsewhere), I can have the DNS records in my local
DNS database, so even hijacking the registrar wouldn't hurt me
here. Any high-risk sites I access would have fixed IP addresses.
Of course, this depends on my home system being secure, but I would
say that a properly managed VMS system is as close to unhackable
as one can get.
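
The bookmark idea in the comment above can be turned into a mechanical check on links found in mail. The following is an added example, not part of the original comment; the bookmark hosts, the fold table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample bookmark list; the hosts are assumptions for illustration.
BOOKMARKS = {"www.bankofthewest.com", "broker.example"}

# Substitutions that make one name render like another ("vv" for "w", etc.).
SEQ_FOLDS = (("vv", "w"), ("rn", "m"))
CHAR_FOLDS = str.maketrans("01", "ol")


def skeleton(host):
    """Fold a hostname so visually similar spellings map to the same string."""
    folded = host.lower().rstrip(".")
    for seq, repl in SEQ_FOLDS:
        folded = folded.replace(seq, repl)
    return folded.translate(CHAR_FOLDS)


def classify(url, bookmarks=BOOKMARKS):
    """Return (verdict, bookmark) for a link found in an e-mail."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ("unparseable", None)
    host = parts.hostname  # the real host, even if "user@" text precedes it
    if not host:
        return ("unparseable", None)
    host = host.rstrip(".")
    if host in bookmarks:
        # An exact match is only treated like the bookmark when it uses HTTPS.
        return ("bookmarked" if parts.scheme == "https" else "not-https", host)
    by_skeleton = {skeleton(b): b for b in bookmarks}
    match = by_skeleton.get(skeleton(host))
    if match:
        return ("lookalike", match)  # renders like a bookmark but is not one
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.bankofthewest.com/login",
                 "https://www.bankofthevvest.com/update",
                 "https://www.bankofthewest.com@login.example.net/"):
        print(link, classify(link))
```

A hostname check of this kind does not cover the DNS-spoofing case the comment mentions; that depends on the resolver and on the HTTPS certificate check.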