At least judging by the number of emails we've been getting about them, WoW scams have never been more popular than they are now. So I'm very happy to see that Blizzard has launched a new Account Security section on their Battle.net site, featuring tips on how to keep your Battle.net account safe.
A lot of it is common sense - things like using an authenticator (which also gets you a nifty Corehound pet), not giving your account name/password to anyone (even if they say they're a Blizzard employee), and keeping up-to-date browser software and anti-virus on your computer. It never hurts to reiterate these things, though; many accounts get compromised every day through not observing these rules.
It also contains a list of "safe, official Blizzard Entertainment domains," which are the only domains you should ever enter your Battle.net login/password on. That list is Blizzard.com, Battle.net, WorldOfWarcraft.com, WoWArmory.com, Starcraft2.com, and Diablo3.com (though I imagine it'll get expanded whenever they announce their new MMO).
Give the site a quick read if you're feeling unclear on WoW security principles, and more importantly, recommend it to your less-informed friends. Only you can prevent WoW account theft.