Do not use Microsoft products to browse random websites or read random emails. In a controlled environment, these products do have advantages. When used with untrusted content, they behave badly and will run code without your permission or knowledge. This includes all versions of Internet Explorer, Outlook, and Outlook Express. Instead, use products that are better about executing untrusted system code - Mozilla, Opera, Netscape, and the like.
If you can, use a plaintext mailreader. HTML mail is fraught with all sorts of security problems.
Do not open attachments unless you are expecting the specific attachment and you know what it is. Even then, this is risky. If you're not expecting that specific attachment, it's probably an email worm or something else bad. Even if you are expecting the attachment, rather than clicking on it directly to run it, you're much better off saving it to disk, opening the program you think it should be run with, and then opening it manually. This takes a bit more time, but think of the time you save by not having your data randomly deleted by malicious attachments.
If you're going to give out any information - financial info, username / password, etc... - do not click on links that are emailed to you. Always type in URLs by hand (or use bookmarks that you saved from typing URLs in by hand).
Do not ever give out any information to anyone who contacts you, no matter how inconspicious it seems. Find an alternate way to find out their contact information (or use contact information you already have, which has been verified), and call them back. For example, if you get a voicemail from your credit card company telling you to contact them about some suspected fraud, don't use the number they leave. Call the number on the back of your card instead.