If you use a browser/extension wallet, assume the page can lie. Avoid copy/paste; use an address book or a QR / known contact. Do small test sends. Never type a seed anywhere except your hardware device during setup. If a web page asks for it then close the tab.
Check and revoke suspicious token approvals (e.g., revoke.cash) after using unfamiliar dapps.
I don't have a hardware wallet yet but this seems serious as it is all over the crypto communities, I also found it because someone else has shared this thread some other place of this forum. I don't understand most of the technical terms you mentioned here but for someone like me, I think it is best to see if our address is correct if that is then we are good to make the transaction right!
About browser extensions wallets, I read it somewhere here that when we connect our wallet to some website if it is unlocked don't type the password, first unlock it without giving command to the site to open the wallet, unlock it and then connect. I have pinned the site for revoking thanks for sharing.