Although it is definitely not the only step in stopping malicious email, not displaying HTML or rich text in messages goes a long way. Here's a summary of where the settings are located:
Outlook 2003
Tools menu, Options, Preferences tab, E-mail area, E-mail Options, Message Handling area.
Outlook 2007
Tools menu, Trust Center, E-mail Security, Read as Plain Text.
Outlook 2010
File tab, Options, Trust Center, Trust Center Settings, E-mail Security, Read as Plain Text.
For more information, check out this Microsoft KB article.
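To check the setting without clicking through each menu, the script below is an added example, not taken from the original page or from Microsoft. It reports whether Read as Plain Text is on for each of the three Outlook versions listed above, and turns it on when run with -Enable. It assumes the checkbox is stored as the DWORD value ReadAsPlain under the current user's Outlook\Options\Mail registry key, with 11.0, 12.0 and 14.0 as the version keys for Outlook 2003, 2007 and 2010; neither detail is stated on this page.

```powershell
# Added example: audit (and optionally enable) "Read as Plain Text" per Outlook version.
# Assumptions (not from the original page): the checkbox is stored as the DWORD
# ReadAsPlain under HKCU:\Software\Microsoft\Office\<ver>\Outlook\Options\Mail,
# and a Group Policy copy under Software\Policies takes precedence over it.
param([switch]$Enable)

$versions = [ordered]@{ '11.0' = 'Outlook 2003'; '12.0' = 'Outlook 2007'; '14.0' = 'Outlook 2010' }

function Get-ReadAsPlain {
    param([string]$Path)
    # Returns $null when the key or value is absent (HTML is then rendered by default).
    $item = Get-ItemProperty -Path $Path -Name ReadAsPlain -ErrorAction SilentlyContinue
    if ($item) { [int]$item.ReadAsPlain } else { $null }
}

foreach ($ver in $versions.Keys) {
    $officeKey = "HKCU:\Software\Microsoft\Office\$ver\Outlook"
    if (-not (Test-Path $officeKey)) { continue }   # this version was never used by this user

    $userPath   = "$officeKey\Options\Mail"
    $policyPath = "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook\Options\Mail"
    $userValue   = Get-ReadAsPlain $userPath
    $policyValue = Get-ReadAsPlain $policyPath

    # A policy value, when present, decides the outcome; otherwise the user's value does.
    $effective = if ($null -ne $policyValue) { $policyValue } else { $userValue }

    # Only write the user value when no policy is managing the setting.
    if ($Enable -and $effective -ne 1 -and $null -eq $policyValue) {
        if (-not (Test-Path $userPath)) { New-Item -Path $userPath -Force | Out-Null }
        Set-ItemProperty -Path $userPath -Name ReadAsPlain -Value 1 -Type DWord
        $userValue = 1
        $effective = 1
    }

    [pscustomobject]@{
        Product     = $versions[$ver]
        UserValue   = $userValue
        PolicyValue = $policyValue
        PlainText   = ($effective -eq 1)
    }
}
```

Any row with PlainText = False is a profile that still renders HTML or rich text.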