I think information like this is very important, especially to people who are new to technology.
Whenever you interact with ANY site that requires a password (social media, banking, steemit) make sure you type it in to your browser yourself (or use a bookmark from your own browser).
Also remember, facebook, your bank, and most other sites requiring a login will address you BY NAME they will never say "Dear user" or "Dear [email address]
RE: "New" phishing technique, using padded urls on mobile apps