So basically just connect to known popular sites like Uniswap (but don't because it's fee robbery lol). Of course this might not work if the project is new and you're investing in a low-cap token, and any project could have a crooked developer or two.

Useful video, "3 Tips to Improve Your MetaMask Security": https://www.youtube.com/watch?v=2OSCIeHHV5Q