Enable two-factor authentication, either by mobile app or paper codes. More than 99% of the attacks against you can be prevented with two-factor authentication. It takes only few minutes to set it up.
2FA can be enabled from your profile settings.
Enable log in guard. LocalBitcoins remembers your web browsers and verifies logins are coming from the same browser. If an unknown web browser is encountered, an email confirmation is required before the login can proceed.
Do not share your password across different websites.
Do not publish your email address, associated with your LocalBitcoins account, on any website.
Do not get involved transactions outside the LocalBitcoins site messaging, e.g. in Skype. The malicious users often use these channels to circumvent the security features present on LocalBitcoins.
Do not use the website from a shared computers or devices, like ones in public internet cafes, as they may have key loggers installed to steal your user credentials.
Always when logging in to the website, read the browser address bar and check that you are logging into localbitcoins.com and not a phishing domain. Make sure the spelling is localbitcoins.com exactly, as the phishers, especially email phishers, often register domain names resembling localbitcoins.com domain name. (ie: localbiRcoins)
If possible when accessing user accounts with Bitcoin wallets, do this from a dedicated computer you have reserved for financial tasks only. Do not use this computer for other tasks. Do not install third party software and browser addons you cannot trust 100%. This greatly reduces the risk of getting malware infection on the computer.