The Internet provides an ideal habitat for cybercrime: there's plenty of cover, unlimited quarry, and the hunting is easy. You never see your victim face-to-face and there's little chance of getting caught.
Early cybercrime targeted computers directly. The natural response was to improve security technology. PC protection has become quite effective, so new ways to penetrate have emerged.
People are trusting. Many criminals have found it is easier to deceive users than to hack their way into computers. Attack by clever deception is called social engineering.
A good social engineer can persuade people — even normally cautious ones — to reveal information they'd ordinarily guard very closely. The best ones rely on learning something about you that creates the illusion that they have a legitimate connection with you.
Phishing is the most successful strain of social engineering. Many global crime networks are formed around offshore phishing. A typical attack will ask for information to clear up a problem with your bank account or credit card — along the lines of, "Can you verify your {password, date of birth, account number, or other personal details} for us?"
Most of the spam you get is obviously of no value. Well-designed bogus email can look very legitimate, though. Almost anything about an email message can be faked: who it's "To:", who it's "From:", where it originated, the "Reply To:" address, etc.
Many spambots generate fairly convincing fake messages. Most of the time, though, something is slightly "off". For example, the subject may not match what you'd expect from the sender. But some of them are close enough to fool you.
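One way to look for the "slightly off" details mentioned above is to compare the sender-related headers with each other. The following is an added example, not part of the original page; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message: every name and domain here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Support" <support@examplebank.example>
Reply-To: accounts@examplebank-verify.example
To: you@example.org
Subject: Please verify your account

Can you verify your password for us?
"""

def domain(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_mismatches(raw):
    """List the ways sender-related headers disagree with the From: address."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    if not from_dom:
        return ["From: has no parseable address"]
    findings = []
    # Replies and bounces going to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            other = domain(addr)
            if other and other != from_dom:
                findings.append(f"{header} domain {other} differs from From: domain {from_dom}")
    # A display name that shows an address at some other domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        findings.append(f"display name shows {shown.group(1).lower()} but address is at {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in header_mismatches(SAMPLE):
        print(finding)
```

Treat a finding as a reason to look closer rather than a verdict: legitimate bulk mail often has a Return-Path at a mailing service's domain, and since all of these headers can be faked, a message with no findings is not thereby genuine.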
You can learn more about rip-offs at the counterfeit email and bogus website pages. You're up against organized criminals and skillful con artists, who know all the tricks of the trade. You'll need to be more astute than they are cunning.
Phone calls are often used for a more personal form of phishing.
"Toll-free" scams are vicious. A bogus message announces an unclaimed prize, a vacation offer or whatnot. All you need to do to take advantage of it is to call what looks like a toll-free number. Trouble is, it's not really a toll-free number. The call goes to an offshore location, and can cost hundreds if not thousands of dollars in just a few minutes.
The "Nigerian" scam is both amusing and a serious ripoff. This and other "419" scams have fleeced victims of more than $150 million so far. Update: The perpetrator, or at least one perpetrator, of this scam was recently nabbed in Southeast Asia.
The National Consumers League has lots of good information on avoiding fraud online, and what to do if you are a victim.
Internet ScamBusters — protect yourself from clever scams — online and offline
"The biggest computer security gap usually lies somewhere between the chair and the keyboard." —Curmudgeon