As the richness of the web experience increases due to interactive technologies available on the client side, unscrupulous people work to catch people off guard for their own advantage. At the most benign level, this is done by advertisers seeking to gain attention. At worst, thieves use client-side scripting as a virtual pickpocket tool.
When possible I remind my family members to stay on alert when on-line (or even off-line). This includes not clicking on links in email, of course. It also includes not logging into a service unless they have entered the URL themselves or used a bookmark they have set up. Yes, this does not prevent MitM attacks and will not protect them from a scheme that changes a browser's bookmarks. But it solves the bulk of the phishing attacks to date.
One reason I prefer specialized apps for important services (banking, on-line status update services, email) over using a generic web interface is that specialized apps are less prone to be faked by XSS, phishing lookalike pages, etc. This is especially true of closed-platform apps like iPhone/iPad apps that undergo an approval process by a third party.
Sad as it is to admit, one benefit to the lack of "freedom" on the iPhone/iPad platform is protection from scammers.
What is an open alternative to protecting the unaware from these scams? I'm all ears.