Yesterday our transition from "some site" to "a good site" happened: Someone tried to get user passwords by sending out a so-called "phishing email" to our merchants. That means we have grown big enough that some idiot (sorry, but there is no other name for that person) tried to get his filthy hands on the accounts of our users.
A lot of big sites and especially the online banking providers have this problem:
An email reaches your account and it somehow looks like a real administration email from the site you are registered with. It either has a link to change your password or an attachment with it... Well, NEVER FOLLOW PASSWORD-RELATED LINKS IN EMAILS! Furthermore, DO NOT OPEN ATTACHMENTS that come with those mails!
The best way to prevent this stuff is to go to your service provider by typing the domain into the URL field of your browser. Even SPYWARE and VIRUS killers are not a 100% solution.
As a webmaster you have to continuously warn your users and anybody around you!