While I can usually delude myself into thinking I’m reasonably intelligent, I nearly fell for the “Amazon” scam a couple of years ago — and might have done so had the website been better designed. Where the scammer screwed up was by putting requests for information that Amazon would have had on file (ship-to address, home phone, &c) on the “login” screen. I presume it was an attempt to collect as much information as possible before the penny dropped, but in my case it raised a huge red flag.
Two upshots are that I routinely hover over the sender to see if the address appears reasonable (although that’s no longer a guarantee), and I never, ever click on a link in an email. If it seems to refer to the senders website, I go there directly; if not, tough.