OK.
First rule of defense against phishing: Know the domain you're supposed to be at. Secondlife.com is the ONLY domain Linden Labs runs, so if the server name is rearranged, or has "marketplace" or whatever tacked next to the domain name with no periods in between? It's not run by LL. This goes for any site you visit, be it SL, or Amazon, or even your bank. If there's extra stuff after the ".com", then it's a fake-out, don't click.
Second rule: Any time you're told to enter personal data, look for an HTTPS header on the form - this tells you that A) everything sent between you and the site server is encrypted, and B) the key being used belongs to Site XYZ. If there is an HTTP lock displayed, but the certificate is expired, invalid, or doesn't match where you're going, then, it's a good bet someone's trying to shine you on. Never enter your userID or personal info if you don't see an HTTPS "lock" and verify the certificate as belonging where you expect it to belong.
Third rule: If there's money involved (real or virtual), expect people to try and scam you. Refer to rules One and Two above, understand that you'll never get accounts suspended or corrupted, or be given exclusive beta keys or a sparkle pony, for no apparent reason .... and above all, if the email is legit, they wouldn't be asking for your email and your password.