When most people think about Internet security problems, they focus on viruses and spyware — technological attacks that usually can be mitigated by technological defenses. But the most insidious Internet security problems today rely on human gullibility, not tricky software. Although technological defenses can help you fend off these newer types of attacks, your best weapons against them are common sense, alertness, and careful e-mail and Web-surfing practices.

These newer types of attacks are called “social engineering,” and they are used by criminals to steal your money and identity and to plant malicious software on your computer that can be used to rip you off. Social engineering is the online equivalent of an old-fashioned con game, in which a crook frightens people with false warnings, or tempts them with false promises, and then robs them.

The most common form of social engineering is called phishing, a one-two punch using both e-mail and Web browsing to trick people into typing confidential information into Web sites that look like the sites of real companies, especially financial institutions. But these phishing sites are actually skillfully designed fakes that transmit your sensitive data to criminals, often in distant countries. Once these creeps have your passwords and account numbers, they can loot your funds and steal your identity.

Here are some tips to help you avoid being the victim of social engineering.

1. Never, ever click on a link embedded in an e-mail that appears to come from a financial institution, even if it’s your own bank or brokerage and even if it looks official right down to the logo. The same goes for payment or auction services, such as PayPal or eBay.

Don’t do this even if the e-mail asserts that your account has a problem or that the bank has to verify your information. And certainly…