These types of attacks are called “social engineering,” and they are used by criminals to steal your money and identity, and to plant on your computer malicious software that can be used to keep ripping you off. Social engineering is the online equivalent of an old-fashioned con game, in which a crook frightens people with false warnings, or tempts them with false promises, and then robs them.

While viruses and spyware overwhelmingly afflict Microsoft’s (MSFT) Windows users and spare users of Apple’s (AAPL) Macintosh computers, social-engineering schemes can ensnare Mac users as well. There’s nothing inherent in Macs that makes their owners more resistant to falling for social-engineering scams.

The most common form of social engineering is called phishing, a one-two punch using both email and Web browsing to trick people into typing confidential information into Web sites that look like the sites of real companies, especially financial institutions. But these phishing sites are actually skillfully designed fakes that transmit your sensitive data to criminals, often in distant countries. Once these creeps have your passwords and account numbers, they can loot your funds and steal your identity.

Here are some tips to help you avoid being the victim of social engineering, updated from a similar column I wrote in 2006. It includes information on some antiphishing software that wasn’t available back then. But remember: Security software alone can’t save you from scams.

1. Never, ever click on a link embedded in an email that appears to come from a financial institution, even if it’s your own bank or brokerage and even if it looks official right down to the logo. The same goes for payment or auction services, like PayPal or eBay (EBAY). Don’t do this even if the email asserts that your account has a problem, or that the bank has to verify your information. And certainly don’t enter any passwords, Social Security numbers or account numbers directly in an email.

These types of emails are almost always fakes, and the links they contain almost always lead to phony Web sites run by criminals. The only exception might be a confirmation email from a brokerage firm concerning a trade you know you made minutes before. Even legitimate-looking addresses in emails or in the address bar of Web browsers can be fakes that hide the crooks’ true Web addresses. The lock icon on a Web site can also be falsified.

If you are truly worried about your account, call the bank or company, or go to its Web site by manually typing in its address or by using a well-established bookmark in your browser that you created yourself.

2. Don’t click on links to offers for free software or goods that you receive in an email, especially from a sender or company you’ve never heard of.

3. Never download software from unfamiliar Web sites unless you are absolutely sure you need it and it’s legitimate. Even if it claims to be a useful program, it may very well be a malicious application like a “key logger,” which can report back to crooks everything you type into your computer. If you really want the program, do a Web search on it first, to see if others have reported it as a malicious fake.

4. If a Web site tells you that you need to download special viewing software to see its videos, don’t do it. Even if it claims to be giving you legitimate viewing software, like Microsoft’s Silverlight, Adobe’s (ADBE) Flash or Apple’s QuickTime, don’t download it there. Go to the official Microsoft, Adobe or Apple Web sites to get these viewers.

5. Use a Web browser, like Internet Explorer 7 on Windows, or Firefox 2.0 on Windows or Mac, that includes built-in features to warn you about, or block access to, known phishing sites. The next versions of these two browsers will have even stronger features that will detect sites that are not only fake, but which are known to distribute malicious software.

Unfortunately, the third major browser, Apple’s otherwise excellent Safari for Mac and Windows, lacks any such antiphishing detection, though I expect Apple to add the feature in a future version. So, for now, Mac users worried about phishing should rely on Firefox.

6. Consider security software that tries to detect and block phishing sites. McAfee’s (MFE) free Site Advisor and paid Site Advisor Plus products do a good job. Symantec (SYMC) has similar features built into its large security suites, Norton 360 2.0 and Norton Internet Security 2008.

7. Educate yourself by reading about social engineering and phishing and how to avoid being a victim. Microsoft has a very good guide at: microsoft.com/protect/yourself/phishing/identify.mspx and Symantec has one at: symantec.com/norton/clubsymantec/library/article.jsp?aid=cs_phishing.

Follow these tips and you’ll be a happier — and safer — surfer.

Find all of Walt Mossberg’s columns and videos online, free, at the new All Things Digital Web site, http://walt.allthingsd.com.

• Email him at mossberg@wsj.com.

These creeps now find it easier than ever to defraud people, steal their identities and blast them with unwanted or false advertising. They use the Web as a pathway to infect computers, corrupt data and take over others’ machines.

Security software can help block this wave of woe. But it would be better to know in advance if a Web site that comes up in a search result, or one you arrived at through other means, is harboring malicious software, or perpetrating scams, or generating spam and unwanted pop-ups. It might also be nice to know if a site with an innocuous name contains pornography, hate speech or other content that might be offensive to you.

I’ve been testing two services that aim to provide such advance notice of bad or offensive sites. The services, Scandoo and SiteAdvisor, take different approaches to the task and offer different features. But both instantly mark up a search-result page, and label the links that might be dangerous.

Both services are free of charge, and each works on both Windows and Macintosh computers, and in multiple Web browsers. On balance, I prefer SiteAdvisor, though Scandoo has a couple of things SiteAdvisor lacks.

Scandoo, still in beta, or test, phase, is from a company called ScanSafe, which provides site-scanning and security services for corporations. SiteAdvisor was founded by some engineers from MIT and was recently bought by McAfee, the big computer-security firm.

SiteAdvisor works via a software plug-in that you download and install. The plug-in, available at www.siteadvisor.com, modifies either the Internet Explorer browser for Windows, or the Firefox browser for Windows, Macintosh and Linux, so the browser can identify bad Web sites. SiteAdvisor works with the Google, Yahoo and MSN search engines.

Scandoo requires no software downloads and works with more browsers than SiteAdvisor does. But it requires you to enter a search term at its Web page, www.scandoo.com, rather than at the home page or search box of your favorite search engine. It then transfers to the search engine you choose and modifies the results page to identify sites that may be troublesome. It now works only with Google or MSN.

There are some other major differences between the two. Scandoo scans Web pages on the fly to look for bad stuff. SiteAdvisor matches Web sites against a database it has compiled about content. Scandoo works only on pure search results, not the ads alongside the results. SiteAdvisor rates the results and the ads, which often are more dangerous.

In addition, because it is built into the browser, SiteAdvisor can rate any site you are visiting, not just sites listed in search results. SiteAdvisor places a small, unobtrusive icon in your browser. The icon is green if you are on a Web page it considers safe and honest. It turns red if it regards the site as dangerous.

Scandoo works only on search results pages. But it has a function SiteAdvisor lacks. It can rate pages for offensive content, while SiteAdvisor focuses just on the presence of malicious software, or invasive advertising techniques. Scandoo allows you to specify which kinds of content you want flagged, including pornography, hate speech and gambling.

SiteAdvisor also flags sites it regards as perpetrating scams, like charging people for software that actually is free. But in my tests, it ignored some other scams, such as offers for pills that magically enlarge body parts.

In my tests, SiteAdvisor consistently flagged more Web sites as bad than Scandoo did. When I searched for “Free iPods” in Google, Scandoo gave all the regular search results a green check mark, meaning OK. SiteAdvisor marked the first regular result in red and gave it an “X,” meaning trouble. It also marked most of the ads in red and gave them “X’s.”

This is partly due to different techniques they use. Scandoo claims its real-time scanning can uncover bad sites SiteAdvisor might miss. SiteAdvisor claims its database is more comprehensive.

Another reason for the disparity is that SiteAdvisor isn’t just looking for viruses or spyware. It uses test computers to see if sites are likely to generate what it calls “spammy” email or pop-up ads. If they do, the sites get flagged.

Some might regard SiteAdvisor’s filters as too aggressive, but, unlike Scandoo, it gives a detailed explanation for each rating. The explanations I saw made sense. For the free iPods site SiteAdvisor flagged, it explained: “After entering our e-mail address on this site, we received 11 e-mails per week. They were very spammy.” It even showed some test emails.

Both services are very helpful. You might want to use Scandoo if you’re concerned about offensive content. But for flagging malicious software and invasive advertising, SiteAdvisor is more comprehensive and tougher.

• Email me at mossberg@wsj.com.