We all know to avoid helping out the Nigerian prince asking for $500. Or the special pill that will make us do amazing things. Or the job that lets you work from home that pays you more than most Wall Street executives.

But what if you get an email from a colleague that is work related? Or an error message on an email you sent out?

Confused?

So was the rest of America apparently.

This is spear phishing, a rapidly proliferating form of fraud that comes with a familiar face: messages that seem to be from co-workers, friends or family members, customized to trick you into letting your guard down online. And it has turned into a major problem, according to technology companies and computer security experts.

Google disclosed Wednesday it was the victim of a cyber attack. State officials are investigating claims it may have originated in China. China has denied such involvement.

“It’s a really nasty tactic because it’s so personalized,” said Bruce Schneier, the chief security technology officer of the British company BT Group. “It’s an e-mail from your mother saying she needs your Social Security number for the will she’s doing.”

Mr. Schneier said the attacks are more like a traditional con game than a technically sophisticated intrusion. “This is hacking the person,” he said. “It’s not hacking the computer.”

So what do you do when you find yourself with an out-of-control email account?

As one of the few whose accounts were hacked, it’s incredibly frustrating, scary, and nerve-racking. There’s no help line to call. No immediate email to send.

It takes research.

So … here are some tips.

1. Have a decent password

Don’t make it just a simple word. Add some numbers to it. AND DON’T MAKE YOUR PASSWORD ‘PASSWORD.’

2. Change your password regularly

Get in the habit of changing your password every other month.

3. Set up a verification code

OK, so it’s another password. But it’s safe and it works.

If you are a smartphone user, you can download the Google Authenticator app, which serves as a 6-digit random code generator linked to your Gmail account.

Confused? OK.

Enter your Gmail password. You will get a prompt for a verification code. Check your phone. Enter the code. You’re golden.

4. Don’t be a moron

Seriously. Don’t click on emails you aren’t expecting.

Do you have any other tips? Experience? Sound off below.