There's no easy answer to protect yourself. The open nature of email means that anyone who has your address (or has a computer capable of generating millions of addresses randomly) can send you a spear phishing email.
Thus, the only real solution is learning to be extremely skeptical of any emails you weren't expecting and always remembering to keep your hands away from the mouse -- that is, DO NOT CLICK on any unexpected email links or attachments unless and until you have verified (preferably from a trusted person known to you) that you aren't about to do the internet version of stepping on a land mine.
Today I got a pretty formidable phishing example that made me think the scammers are getting better all the time. And this one was extra potent because I have been dealing with First American Title lately. The scammers don't know that -- they sent this to millions of people, and of millions of people, some share of them are going to be dealing with any large company (such as First American, or Chase Bank, etc.). See below.
Luckily, the scammers are still not fully up to par -- and I know that September only has 30 days (the "9/31" was what first tipped me off to the fact that this email was just another scammer trying to make a buck at my expense). There are many other, more subtle, clues that this is a fraud (notice that there is no city or state in the address block for "Carin Wear," to name just one).
But, even with those errors, this is several times more convincing than the phishing attacks I used to get, and it suggests that it's just a matter of time until I am fooled.
The only thing that will protect me then is if I remember to stop before clicking and to get on the phone and call the local branch of whatever institution is supposedly sending me this email, and verify verify verify before clicking anything.
So, I urge you to join me in my rule: Assume any unsolicited or unexpected email is a ticking time bomb just hoping to explode on you. So never click attachments. Contact the supposed sender (NOT using the contact info in the email), and ask that the files be shared another way.