Someone should clearly be able to spot a scam and make a different between a legit and non-legit ICO otherwise he is screwed. It's not that hard though , It's all about the marketing and how effort the developers and managers has put in the project , escrows is something else that everyone should look at.
As for Poloniex or other exchange , then those Altcoins logically came from ICOs so someone should once again use his brain (mostly If he is investing for long term) while buying and selling.
It is not as easy as it seems. You are right that really poor quality ICO is easy to spot and diagnose.
Bad ICOs are characterized by: unclear goals without detailed roadmap, extensive emphasis of economic gain of investors instead of focusing on utility of a coin,
lack of transparency in communication between developers and community etc.
But from the other hand we had promising projects which went rogue - both because it was designed to be a scam (XPY) or due to lack of ICO management or project failing apart [DAO].