Yes, when it concerns sensitive login information, the rule is to always log in yourself and not through a link in an e-mail that you can't know the source of. And as sonnymax said, you can right-click and view the source to see what the real URL is. It doesn't have to be the same as the text that is showing.
To give a harmless example, the link below does not take you to Paypal, but to Amazon. It could have been something much worse.
http://www.paypal.com