Windows Vista, OS X and Linux (e.g. Ubuntu/Gnome) each ask for permission when certain operations are performed. I know when I've initiated such an action most of the time. Occasionally, I'm not expecting the dialog to pop up because I don't consider what I've requested to be needing permission. This makes me nervous.
How easy is it for some malware to spoof such a dialog? I would say it's probably trivial.
What can be done to prevent getting caught by this?
The dialog can be spoofed (in the sense that an application can draw something on screen that looks the same as a UAC dialog), but what does it get you other than to desensitise the user to clicking on "OK" all the time? That's a concern, but as long as OSes think that "ask the user" is the correct answer to the question "should I allow this?", there's not a lot that you as a user can do to stop it.
Maybe something similar to Yahoo's sign-in seal could be created.
Basically set up a secret that an unprivileged program can't have access to/knowledge about, and let the system serve that up when it's asking for permission to give a program privileges.
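A sketch of the seal idea from the answer above, as an added example that is not part of the original posts: a privileged prompt helper loads the user's seal and refuses to show a prompt unless the seal store is unreadable by unprivileged accounts. The names `load_seal`, `build_prompt`, `SealError` and the sample seal text are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile

class SealError(Exception):
    """The seal store cannot be trusted."""

def load_seal(path, trusted_uid=0):
    """Return the seal text; trusted_uid is the prompt's account (assumed root)."""
    try:
        # O_NOFOLLOW refuses a symlink planted at the seal path.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise SealError(f"cannot open seal store: {exc}") from exc
    try:
        st = os.fstat(fd)  # inspect the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise SealError("seal store is not a regular file")
        if st.st_uid != trusted_uid:
            raise SealError("seal store is not owned by the prompt's account")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SealError("seal store is accessible to group or others")
        return os.read(fd, 4096).decode("utf-8").strip()
    finally:
        os.close(fd)

def build_prompt(program, seal_path, trusted_uid=0):
    """Compose the elevation prompt text; fail closed if the seal is untrusted."""
    seal = load_seal(seal_path, trusted_uid)
    return f"[your seal: {seal}]\nAllow '{program}' to run with elevated privileges?"

def demo():
    """Constructed demo: private seal is shown, world-readable seal is refused."""
    uid = os.getuid()  # stands in for the privileged account here
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "seal")
        with open(path, "w") as f:
            f.write("purple heron 42\n")  # constructed sample seal
        os.chmod(path, 0o600)
        shown = build_prompt("installer", path, uid)
        os.chmod(path, 0o644)
        try:
            build_prompt("installer", path, uid)
            refused = False
        except SealError:
            refused = True
    return shown, refused

if __name__ == "__main__":
    print(demo())
```
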