Lesley Meall.

If you receive an email from a Nigerian banker who wants to make you a millionaire you know better than to open the message - let alone pass on the details of your bank account and passport. But if you get an email with a title such as 'Winter storms batter Europe' or 'Chinese missile shoots down US aircraft', you are significantly less likely to suspect foul play. As a consequence, numerous PCs are compromised, and act as 'zombie' computers in a 'botnet', distributing spam, and supporting various types of cybercrime from bank fraud to identity theft.

Anti-spam, anti-virus software, local firewalls and software to filter out adware and spyware are now pretty much the norm on most desktops, and many organisations have extensive multi-layer security measures in place at the gateway level. But in addition to taking these precautions, many of us can help make our email systems a lot less vulnerable with just a little effort.

Set your browser security level to high. How you do this varies between different browsers: Internet Explorer, Firefox, Safari et al, all have different user interfaces. With the most widely used, Internet Explorer, you can click on 'internet options' and check the various security and privacy settings. Use the pop-up blocker and make sure the phishing filter is turned on. (The 'high' setting can stop some websites working correctly, so if the setting causes problems, and you are sure it is safe, you can add it to your list of 'trusted sites'.)

Don't use your business email address to sign up for online auction sites, newsletters, or free products. Don't open attachments from anyone you don't know. Don't forward chain letters, jokes or petitions: even if they've come from friends they're still spam and the lists of addresses on them may later be used by spammers. Choose an internet service provider that offers spam-blocking features, and use them. Check your spam filter for wanted messages as well as unwanted messages, and if email from a known source starts going astray, add it to your list of trusted sites.

Don't click on links from emails into websites even if you recognise them. Sites often look like popular sites such as eBay and Amazon, so it's safer to key the correct location into the address line. Don't click on pop-ups that tell you your machine is infected with spyware and offer to clean it up for you, because this could install even more. Turn off the 'preview' feature in your email program. Spammers put invisible images into emails so that when you view them, you visit their site to get the image, confirming your email address is in use, and resulting in even more spam.

On occasions when you want to apply an extra level of confidentiality and security to your emails use encryption. With the help of software programs such as Pretty Good Privacy (www.pgpi.org) and DESlock (www.deslock.com), you can encrypt the contents, and if you use an email certificate you can encrypt the content and digitally sign your messages so that recipients can be confident they have originated with you, and vice versa. You can buy the necessary digital ID or get a personal one free from www.thawte.com (along with an explanation of how they work).

This may seem like overkill, but it's all too easy to set up an email account in someone else's name, and it's worth remembering that most emails are the electronic equivalent of postcards written in pencil. By the time they reach the recipient they have passed through numerous pairs of hands (and servers) and can easily be intercepted or altered along the way.