For most email scams, your vigilance is the best defense. It is important to remember that your systems are (most likely) not compromised, but rather that the email sender's systems have been. You can't guard against receiving every possible email scam, in much the same way as you can't guard against receiving every possible telemarketing call.
First, pay attention to the writing style or content of the body of the message. If the message is written in a style that doesn’t seem to match that person’s communication style, then it is worth investigating further. If it seems odd, it probably is. Also look for spelling errors, which are a dead giveaway.
Second, did you know that there is more detail in an email message (called the message header) than To:, From:, and CC/BCC:? You can use this information to quickly ascertain whether an email is legitimate or not. In Gmail, for example, when you view a message, you can click the down arrow button next to the reply button, then click “Show original”.
For sites managed by Smart Sourced IT, we have set up additional email security precautions. Check the results next to “SPF”, “DKIM” and “DMARC”. They should all say “PASS”. If any of these results is different, you can assume the email is spam, or contact IT support for further investigation.
Scroll further down to the section that looks like a bunch of code. Three elements, “From”, “Reply-To”, and “To” (highlighted in the red box), should contain an email address that matches the one you know for the sender. If it does not, you can assume the email is spam and mark it as such.
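The same two checks, the SPF/DKIM/DMARC results and the From/Reply-To addresses, can be scripted against the raw “Show original” text. This is an added example, not code from the original post or from Smart Sourced IT; the raw message and the known sender address `alice@example.com` are constructed, and the Authentication-Results header format assumed is the one Gmail and most mail servers add.

```python
"""Check a raw email's Authentication-Results and sender headers.

Added example, not part of the original post. The message below is
constructed sample input; 'alice@example.com' is an assumed known sender.
"""
import email
import re
from email.utils import parseaddr

# Constructed raw message, as it would appear under "Show original".
RAW_MESSAGE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=alice@example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice Example <alice@example.com>
Reply-To: accounts@evil-example.invalid
To: bob@example.org
Subject: Urgent wire transfer

Please send payment today.
"""


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, e.g. {'spf': 'pass', 'dmarc': 'fail'}."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results[method.lower()] = verdict.lower()
    return results


def check_message(raw, known_sender):
    """Return a list of findings; an empty list means both checks passed."""
    msg = email.message_from_string(raw)
    findings = []
    results = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) != "pass":
            verdict = results.get(method, "missing")
            findings.append(f"{method.upper()} result is {verdict}, not PASS")
    # Reply-To is optional; when present it must match the known sender too.
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value is None:
            continue
        addr = parseaddr(value)[1].lower()
        if addr != known_sender.lower():
            findings.append(f"{header} address {addr} does not match {known_sender}")
    return findings


if __name__ == "__main__":
    for finding in check_message(RAW_MESSAGE, "alice@example.com"):
        print(finding)
```

In the constructed sample all three authentication checks pass and the From address matches, so the only finding is the mismatched Reply-To, which is exactly the case the header check above is meant to catch.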