Shortly after most people get on the net, they find scams heading their way in their e-mail, or encounter one on a website. You have to learn how to spot them yourself, as the human brain is the only thing that adapts quick enough. Automated protection tools are not foolproof, and usually lag behind the outbreak of new scams. This page gives some hints about it, the rest is up to you to think carefully about what you're doing.
In short, most incredible sounding offers should not be believed or trusted. Anything that lies to you, or tries to trick you in any way, should not be trusted, at all. You can't win a lottery you didn't enter into. You're not going to inherit lots of money from a complete stranger, nor someone claiming to be a relative (lawyers would write to you properly, on paper, not send an email that has bad grammar as if it were written by a primary school student). Really cheap copies of expensive software are probably not going to be legal or safe to use. Get rich quick schemes are going to try to steal your money, or launder money through your bank account. Offers that come addressed to someone else, or tell you to respond to a different address than where the message came from, are most likely a scam. And so on…
Firstly check the email addresses that the message are sent to. And by “check,” I mean look at it and think about it. Don't blindly click on things to see what happens. If it's not addressed to you correctly, is addressed to someone else, or is addressed to a long list of people, be suspicious.
e.g. If your address was "John Doe" <john@example.com> then most of your mail should come addressed to you like that.
Although there are exceptions (such as mail you get from mailing lists), but you should know about that, as you'd have signed up for the mailing list, and should recognise its address, somewhere in the message, instead (perhaps in the “To” field, perhaps written in the message).
Check the email address that it claims to come from. If it falsely claims to come from your own address, it's obviously a scam. Messages coming from legit companies are likely to use sensible addresses associated with their brand name; if it sounds ludicrous, it probably is.
Check the email addresses that replies are requested to go to, whether that be a “Reply-To” address in the message headers, or instructions written in the message, itself. If it's different from where the message came from, be suspicious. There are legitimate reasons for directing replies to somewhere else, like a boss asking you to respond to their secretary, directly; and mailing lists that ask you to reply back to the mailing list rather than any individuals, directly. But otherwise it's a peculiar request.
Carefully check any website addresses that are mentioned in messages and websites. Check that you're going to go where you expect to go. Links written in some emails and on websites don't always show you the destination address where the link is, you'll have to hover the mouse over the link without clicking on it, and look for some information to pop-up somewhere (such as in a status bar at the bottom of the window).
Web addresses have a standard way of being constructed, that allows you to understand what they refer to. You need to learn how to read them.
e.g. The “Example Company” probably has a website address like: http://www.example.com
It starts off with the protocol used for communication (HTTP being the usual method used for webpages), has a colon and double slash before the next part (://), the domain name for the site (www.example.com).
If the address refers to pages within that website, then there'll be extra information on the end of that address for that, with a slash between the domain name and the rest.
e.g. http://www.example.com/help/instructions.html
That'd be for an instruction page in the help section of the Example Company's website.
Personal websites often have addresses in that sort of manner, where the domain name belongs to whomever provides the service, and personal sites are in sub-sections.
e.g. http://www.example.com/homepages/john-doe/
Here, the Example Company is providing space for John Doe to have a website. The company probably has nothing to do with whatever John puts on his website. Don't consider such addresses as being any form or endorsement.
Addresses can include all sorts of extra information, such as log-on usernames and passwords, alternative ports to use, and so on… You need to know how they're put into addresses, so you don't mistake usernames and passwords as being the website address.
e.g. http://username:password@www.example.com:8000/help/mail.html
Here you can see where a username and password can be written before the domain name, with a colon between the username and the password, and an @ between them and the domain name. Then after the domain name is a colon followed by a port number. Then after that can be a slash followed by addressing for pages within the website.
As soon as you encounter an address like that, you have to hunt for where the colons and @ signs to work out which part is the website address (the bits after the @ sign).
e.g. http://www.google.com:search@www.example.com/steal-you-money.html is not going to the Google website, it's going to the steal-your-money page on the www.example.com website.
This is a common ploy with scams that try to steal from your bank accounts. They'll put the bank's address in the username section, their rip-off site will be further into the address. They're rip-off site will look like the bank's website, they'll copy and usernames and passwords that suckers type into them, then they'll use that information to steal from the bank account.