Check addresses carefully. Hackers send you messages from addresses that look legitimate and don't raise alarms. But if the email address is "firstname.lastname@example.org," you can be sure that it's not from Facebook. So don't click the link in it. If it's an official email, it will come from an official, company address.
Check the address again! Sometimes hackers even use technical tricks to make the address the email came from end with a legitimate, well-known domain. An example might be "email@example.com." Emails like these often contain infected attachments.
Research and use online security tools and services. Some of them are free -- a good example is BillGuard, which scans your credit card bills for questionable charges. BillGuard says it has saved consumers more than $500 million in fraudulent charges consumers might otherwise not have noticed.
Avoid attachments. Unless you personally know the sender of an attachment or email, do NOT download or open the attachment. If you are tempted, at least run the latest anti-virus, anti-phishing and anti-spyware software on your system.
Do your research. Most scams are talked about on the Internet somewhere. Google the type or wording of the scam and see what comes up. A site called www.snopes.com offers lots of information about new and old scams. Also, call the company from which the email is allegedly coming. If you've gotten an email from a bank and you call the bank but they have no record of your transactions, the email is a scam or a virus.
Go with your gut. If an email seems fishy (or "phishy"), it probably is. Use the common sense you use in the real world -- it may seem obvious, but for whatever reason many people often suspend their common sense in the online world.
The holidays are all about giving -- but not to scammers and hackers.