The following information was taken from my note in facebook. Enjoy!

I noticed that some of you might have wondered: how on earth your email account got hacked, and now your facebook account is seized by some deities out there on the Internet.

Well, folks, rule of thumb: read the URL before you click on it!
How do we know that the URL is safe enough to open?
- It is actually quite simple: when you receive an email in your email client (eg. Outlook, Outlook Express, Thunderbird, etc), just hover/ move your mouse over the URL in your email message (again, DON'T click!).
- Alternatively, if you use webmail (eg. Yahoo, Gmail, etc), at the bottom part of your Internet browser (Internet Explorer, Firefox, Safari, Opera, etc), you may see some 'empty' area. Most of the browser listed above use this area for status. Therefore, if you just hover your mouse on the URL, you should see the actual URL that will open up before you click on it.
- Another method (this is a bit long, but for your safety's sake, worth doing): when you receive an email via webmail, right click on the URL stated in your email, and choose 'copy URL'. And then open up notepad, wordpad or some text editor (not Microsoft Word, even though no harm has been found yet), and then paste the URL that you just copy. 

Now, how to analyze the URL/ to identify whether it is safe or not:
If you know that you would like to open certain website (i.e.: Facebook), the end of the URL between 'http://' and the first '/' should contain facebook.com right before the first '/'.

Some example:
SAFE: http://www.facebook.com/profile.php?id=345687682
SAFE: http://login.facebook.com/login.php

DANGER: http://login.facebook.priority.videomessageid-bfnh2sxqq.scanerdownload.com/home.htm?/based/LOGIN=abcdefghijklm
(did you noticed that the website is 'scanerdownload.com' and NOT'facebook.com'?)

Also, if you use facebook regularly, you SHOULD know what kind of message that facebook normally sends out.
A couple of emails that I have received have the following subjects: 'Facebook online - you are agreeing to the Facebook Terms of Use'
A couple of things to note here:
- whoever the sender is, he/she knows that 'Terms of Use' is the current hot issue amongst facebook users 
- you might ask "then how come the email is from ' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ' ???
The answer is simple: if you REALLY know facebook email message, it SHOULD come from 'facebookmail.com'
Another technical answer to the last question: it is Internet! It is all digital, you can simply put some fake name(s) as the sender and it will popup as nicely as it shows in your inbox.
So, either you are very 'honest' to put your real name in your email (well, who doesn't? Especially if it is personal email), or you just don't bother the facts that there are a lot of 'things' trying to steal something from someone (yeah, it is a thing, doesn't have to be a human).

Hope that helps!

P.S.: pardon my period and commas in the sentences.
P.P.S: if I have time, I might write more thorough story about your email header (the part that you normally see as sender, subject, dates and other 'summarized' information). Your email header, actually, have tons of information that can be (mis)-used.