These are the rules.

The rules are subject to change, but you are always advised to follow the current set of rules. They are not all of the rules. They are some of the rules. The absence in this list of a particular rule does not mean you don't have to follow it, if indeed it is a rule. These are intended to be a simple set of general rules for dealing with the kinds of interactions that are prevalent on the internet (web/email). Some of them also apply to the telephone. Use of the rules is at your own risk (as is use of the internet).

But you do have to follow these, even if you've lost your rulebook under the stack of AOL CDs. Remember, there are lots of people out there trying to scam you. Don't make it easier for them. These rules derive from the core principles of "don't execute untrusted code" and "verify your contacts".

Watch the Chain of Trust

Do not ever give out any information to anyone who contacts you first, no matter how innocuous it seems. Find an alternate way to find out their contact information (or use contact information you already have, which has been verified), and contact them yourself. For example, if you get a voicemail from your credit card company telling you to contact them about some suspected fraud, don't use the number they leave. Call the number on the back of your card instead.

You don't control the links

If you're going to give out any information - financial info, username / password, etc., even if it seems like innocuous information - do not click on links that are emailed to you. Always type in URLs by hand (or use bookmarks that you saved from typing URLs in by hand).

You don't control attachments

Do not open attachments unless you are expecting the specific attachment and you know what it is. Even then, this is risky. If you're not expecting that specific attachment, it's probably an email worm or something else bad. Even if you are expecting the attachment, rather than clicking on it directly to run it, you're much better off saving it to disk, opening the program you think it should be run with, and then opening it manually. This takes a bit more time, but think of the time you save by not having your data randomly deleted by malicious attachments. If you can, open them in some program other than the one for which they were intended (use an alternate PDF reader instead of Acrobat, or the Word viewer or OpenOffice, or an unpopular operating system).

HTML can be used to hide things from you

If you can, use a plaintext mailreader. HTML mail is fraught with all sorts of security problems. I like Mutt.

Burn me a million times...

Do not use Microsoft products to browse random websites or read random emails. In a controlled environment, these products do have advantages. When used with untrusted content, they behave badly and will run code without your permission or knowledge. This includes all versions of Internet Explorer, Outlook, and Outlook Express. Instead, use products that are better about executing (or not) untrusted system code - Mozilla/Firefox/Thunderbird, Opera, and the like. If you absolutely must use Microsoft products, make sure they are up to date with the latest patches.

The rules have been brought to you by
The rules are always a work in progress. Suggest a new rule.
Suggestions will not be credited, and may or may not be included.