New fraud schemes (new to me)

The SANS Internet Storm Center diary is a great place to get a feel for what is out there. Some of the latest entries gave me an idea of the techniques cyber-fraudsters are using:


One scheme sends a check via FedEx for a fairly large amount, about $3k. The victim, who isn't expecting it, deposits it anyway. Then the fun starts: the victim gets a written apology for the "mistake" and instructions to wire the $3k back, keeping $300 "for your trouble". The check bounces days later, after the wire has already gone out, so the victim is left covering the full amount. That sounds like an obvious con to me, but as SANS pointed out, "Given that ... FedEx isn't cheap ... they must still be making a killing."


Another scheme sounds a little more traditional. The con-men send a letter, supposedly from the victim's bank, saying their PIN has been changed, and the letter includes a phone number to call to set a new PIN. The automated system at the "bank" refuses their access, they get connected to an operator to assist them, and the operator asks for the last four digits of their Social Security number "for security reasons". Again, there is an expense (800 numbers are not free on the receiver's side), so the fraudsters must have an almost guaranteed return, meaning people are falling for it.


Or how about an email from a reputable company that says your account has been deactivated for whatever reason, and requires you to download and execute a program protected with the password 12345. Note SANS's question: "Do your users know that no one will send a password over clear text?" As a couple of commenters pointed out, some services do exactly that, so that advice doesn't hold universally. My take: only do trivial things with companies that send passwords in the clear.

Lessons:

  1. Question an unexpected check. Be diligent and look into the story, but remember that the senders will try to look legitimate and are counting on you to make assumptions that convince you they are. Be paranoid in these situations!
  2. Do not call a bank at a number that a suspected fraud gives you. That number is most likely part of the scheme. Use the number printed on your card or statement instead, and ideally get to know someone at your bank who can recognize you.
  3. Don't assume something is legitimate because it involves reputable services. Just because something arrives in a FedEx package or uses an 800 number doesn't mean the rest of the scheme is legitimate.
  4. Question a program you didn't ask for yourself. Even programs you do ask for can be swapped out if the con-man can wedge himself between you and the place you get the program from. If you want a more technical defense, check the publisher's cryptographic digest of the file (SHA-256, for example; MD5 should no longer be relied on, since colliding files can be constructed) before you run it, and get that digest from a channel separate from the download. More about this in other posts.
  5. Watch your bank's practices. If a bank or other financial institution sends you a password in plaintext like that, turn and run.
  6. Do not use the same password for more than one account. If one account gets broken into, the rest will fall with it.
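Lesson 4 above says to check a download's digest before executing it. The following is an added example of what that check looks like in practice; it is not code from the original post or from SANS. It parses a checksum list in the format `sha256sum` produces, hashes the downloaded file in chunks, compares the result in constant time, and refuses MD5 and SHA-1 because collisions for both are practical. The filename `account-tool.exe`, the checksum list, and the file contents (the bytes `hello` standing in for a real download) are all constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed for this example: a checksum list in the format `sha256sum`
# prints ("<hex digest>  <filename>"). The digest is SHA-256 of the bytes
# b"hello", which stands in for the real download. In practice the list comes
# from the publisher over a channel independent of the download itself;
# a checksum served next to the file is replaced by whoever replaced the file.
CHECKSUMS = """
# example release checksums (constructed)
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  account-tool.exe
"""


def parse_checksum_list(text):
    """Parse sha256sum-style lines into {filename: hexdigest}, rejecting junk."""
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep:
            raise ValueError(f"malformed checksum line: {line!r}")
        if name.startswith("*"):          # sha256sum's binary-mode marker
            name = name[1:]
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"not a SHA-256 hex digest for {name!r}")
        expected[name] = digest
    return expected


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in chunks so large downloads don't have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex, algorithm="sha256"):
    """True only if the file's digest matches; refuses MD5 and SHA-1 outright."""
    if algorithm.lower() in ("md5", "sha1"):
        raise ValueError(f"{algorithm} is collision-prone; use SHA-256 or better")
    actual = file_digest(path, algorithm)
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(actual, expected_hex.lower())


def demo():
    """Write an intact and a tampered copy of the download and check both."""
    expected = parse_checksum_list(CHECKSUMS)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        intact = os.path.join(d, "account-tool.exe")
        with open(intact, "wb") as f:
            f.write(b"hello")                # constructed stand-in for the file
        tampered = os.path.join(d, "account-tool-tampered.exe")
        with open(tampered, "wb") as f:
            f.write(b"hellO")                # one byte changed in transit
        results["intact"] = verify_download(intact, expected["account-tool.exe"])
        results["tampered"] = verify_download(tampered, expected["account-tool.exe"])
    return results


if __name__ == "__main__":
    print(demo())   # {'intact': True, 'tampered': False}
```

A digest only proves the file you have is the file the publisher hashed; it says nothing about whether the publisher is who the email claims. That is why the expected digest has to come from a source you already trust, such as the vendor's own site reached by typing the address yourself, not from a link in the message that delivered the program.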

Comments


vimax

Hey there! Do you know if they make any plugins to help with Search Engine Optimization? I'm trying to get my blog to rank for some targeted keywords but I'm not seeing very good success. If you know of any please share. Appreciate it!
