The US-Cert site has a very good article located here that discusses how to avoid social engineering and phishing attacks. Since a majority of the attacks have shifted to phishing and social engineering, this is a good article to review.