These are the latest instructions from Google if you receive a phishing scam.

You can't prevent spoofing. So, the recipient must remain alert, particularly for messages supposedly from you which they may find under Spam or vice versa.
 
As a rule of thumb, if ever suspicious about any email, check whether the email was authenticated by the sending domain. Click on the drop-down arrow underneath the sender's name (next to the receiver's name), and make sure the domain seen next to the 'mailed-by' or 'signed-by' lines matches the sender's email address. e.g: If you see messages claiming to be from google.com, but are not properly authenticated as coming from google.com, then they are phishing messages and you must report them. For additional details, click on this link: Email authentication 
On your part, you can alert them to this fact so that they can report those messages appropriately. If the sending email address is another Gmail (please confirm before reporting), use this form to report abuse - I would like to report a Gmail user who has sent messages that violate the Gmail Program Policies and/or Terms of Use.