If you've received an email and you're not 100% sure you trust it, hold your mouse over the link you're prompted to click. This will display the full URL. If it doesn't look right - DON'T CLICK IT! for example, if the email prompts you to login to Paypal, the first part of the URL should be "https://www.paypal.com/" (this is the domain name and may be followed by a page name after the "/"), but if it's different - even only slightly - it's probably not valid. e,g: "https://www.paypel.com" is wrong! "https://www.paypal.com.sc" is wrong! "https://www.paypall.com" is wrong! If you want to login to your online services to check, or reset a password, or for any other reason - open your web-browser and go direclty to the site rather than using a link in an email.
In simple terms - always make sure you have up-to-date anti-virus software isntalled and running and perform a regular full scan of your system(s).
In addition to anti-virus software, it's a good idea to run a full scan of your computer using a specialist Anti-Malware product, such as SUPERAntiSpyware (https://www.superantispyware.com/)
In addition to the common-sense rules about not having an easy-to-guess password; using a different password for different things; changing your passwords from time-to-time; not writing down passwords, or storing them insecurely (such as in a text document named "passwords" in "My Documents", for example!), using a password manager, such as LastPass (https://www.lastpass.com/) is a safe and secure way to store passwords, as well as providing other benefits that make your password management even safer!
Having a good email-filtering system that removes suspicious emails before they get to your mailbox is a good way of avoiding potential problems
Office 365 (https://products.office.com/en-GB/?ms.url=office365com) includes pretty good filters; as does Trend Micro's "Hosted Email Security" (https://www.trendmicro.com/en_gb/business/products/user-protection/sps/email-and-collaboration/hosted-email-security.html) service