This problem is largely behaviorial. The only immediate way I can see to prevent capturing sensitive data is to always attempt to log into such sites purposely using bad credentials. If the site lets you in, then it's likely bogus. Of course, it would be tough to get people to adhere to this....

[ more ]