If you're not sure it's legit, I agree, don't click on the link.
But if do you end up at a login site somehow and you're not sure it's the real deal, enter fake login and password first. It won't know what the real ones are, so it will accept it (and then probably say something like the site is down for maintenance because obviously they aren't going to duplicate the whole thing, just the login page).