In this case it's best to just avoid links, especially since a lot of users are using Steemit and related frontends on their phones. The lack of following positive links like other posts is a loss that's worth it, considering that an account that falls for the malicious link will have a hard time recovering and will lose all its mobile funds.

The way these phishing links work is they typically make it look like the user logged out and then ask to log back in. Once you do, they've got the account. If it's a password, they change it and steal all the money. If its just the posting key they'll use it to post other comments to get more victims.