If you are afraid your credit card has been used fraudulently at an otherwise legitimate site you might have an instinctive reaction to login and see ... is going on, to view or cancel the transaction, etc. The goal of phishing scams is to prey on this reflex and hope to catch you off guard.

You can scoff if you want but even experienced security researchers have been phished. I remember one case where the person admitted they got phished because they were reading email from their phone, the email client/browser they were using didn't have as good facilities for showing the full URL and so on, so they fell for it whereas if they'd been at home they might not have. There have also been some really really well done Google apps phishes lately.