Anytime I go to a sensitive site (my bank, etc.) I make a habit of first attempting to login using a bad password - on purpose. If you somehow got spoofed or received a bum DNS reply, the bogus site will probably let you in with any password. That would be your clue that something has gone amiss. You have to have multiple layers of protection, topped off with the most important layer of all - your common sense and wariness.