A big suggestion I can make for people to keep themselves safe is as follows:
If you use gmail or some other mail services (check with your mail provider) you can use sub addressing.
Say you email address for blizzard is
[email protected]. You'd turn it into
[email protected]. The services that support this will ignore anything after and including the plus in the username. This secret becomes an additional level of security in your login name. Even if someone knows your email address they don't know the +secret.
It also serves to validate email easily coming from Blizzard. As long as you never give out the +secret to anyone else, only you and Blizzard know it. If you get legitimate email from Blizzard it will be sent to that address.
I get a lot of phissing mail addressed to my email addresses I use on various fan sites, but the only mail I ever get to
[email protected] is fully legit mail from Blizzard.
Additionally, you can change the +secret at any time. Want to give people you address to add as friends change it briefly to something else, let them add you and change it back. Change it weekly if you're really paranoid. Change it anytime you feel threatened.
Outside of the various vulnerabilities floating around, I'm pretty sure the phising emails are their most successful tool. It's easy to fall for one even if you know what you're doing. Here's an explanation of how a knowledgeable person got phised:
http://www.boingboing.net/2010/05/05...t-phished.html