Two of my friends have been the victims of bad guys breaking into their G-mail accounts (and possibly their Facebook accounts) and subsequently had phishing e-mails sent from their accounts to everyone they know. The e-mail messages go something like this: "My eyes are filled with tears as I type this. I'm traveling in the UK (London or Ireland or Scotland) and I got mugged (or I lost my wallet with all my money). Please send me money."
Since the bad guys have control of the e-mail account, any replies (like money orders or banking information) go to _them_.
Anyway, you know the drill:
1) make your passwords eight characters (at least) long.
2) use upper- and lowercase letters and numbers in your password to make it complex.
3) use different passwords for your different accounts so if the bad guys figure out your New York Times account password they don't have your e-mail, Facebook, and Twitter accounts (or worse, your banking account).
4) scan your PC for Trojan Horses that might be watching for passwords.
5) avoid entering your password onto a public access computer (and say NO when you're asked if you want a social networking web site to remember your password).
6) use caution supplying a password over public, unsecured wireless networks (see #5).
7) change your password every so often.
Here are some links: