Some tips from me:
1.Remember to check if a frontend site uses https.

1. Only use well known trusted steem frontends: e.g steemit.com or busy.com
2. Make sure the computer you are using is free from malware and keyloggers
3. Dont store your steemit password on your google account with chrome. Somebody just needs to compromise your google account to get your steem password.
4. Don't just click on a link if it is a shortened url. Find out where it redirects to with this site: http://www.checkshorturl.com