I have a hardware firewall, and I don't use IE nor Outlook. Funny how I have never had a virus-related problem yet.

As far as phishing and social engineering, my rule is simple : mail from approved users is treated with circumspection, for the rest, if you don't know how to write, you're mail is immediately deleted.

No one I know writes "sto ck", or "medic_ation". My friends do not worry about "enlarging" myself, nor do they fret about my self-confidence. My friends have never, ever written the word "penis", not to mention "pen1s", or "pen_is" or whatever other unbelievable variation you can possibly conjure up after a week-long LSD session. And other examples are legion.

Thus, the only way to get me to read your mail is either I already know you (you know, from Real Life), or you write without any mistake at all. For me, that is 99.999% good most of the time, and whatever false negatives are left are quickly dealt with.

Bonus ? There are no false positives. Whatsoever. So what is left ? Well, mail from people I actually want to hear from. Thus, no account-stealing problems ever.

Of course, even from a friend I am wary when there is an attachment. Constant vigilance ! as said by one of the Harry Potter characters (Mad-Eye Moody for those in the know). That is the price of security, and where email is concerned, it is entirely true.