I think a good prevention mechanism everyone should note is how to do data verification. In other words, I mean verification of MD5, SHA-1 and SHA-256 hashes. Its some cryptography stuffs!
If you have the real checksums they can be used to check the real executable. But what would prevent a scammer from creating new hashes for his malicious software? If the executable would be downloaded from his site then the hashes would also be from there.
Because of that I can just recommend anybody to use a dedicated device or hardware wallet for cryptocurrencies - do not expose your funds to thiefs and scammers. I wish I had taken these precautions myself in time.