Fortunately, you can prevent that with one simple method, readResolve:
Instead of the object found in serialized form, deserialization will now return the result of getInstance(), which is the sole instance of the singleton class.
You can't prevent serialization with readResolve(), only maintain the singleton property. If you want to prevent serialization you should just not make the singleton implement Serializable. If that's not possible you can implement writeObject(ObjectOutputStream) or writeReplace() to throw an exception, but that's just a nasty hack.
readResolve is one mechanism used for instance control. In addition, in Java 5 and later versions, an enum is another approach that guarantees the singleton property even under serialization and reflection attacks.
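Both mechanisms from the answers above, as an added example that is not part of these answers: a readResolve-protected singleton and its enum counterpart, each pushed through an in-memory serialization round trip so you can see that the deserialized reference is the original instance. The class names Elvis, ElvisEnum and ReadResolveDemo are assumed.

```java
import java.io.*;

// Serializable singleton whose instance control survives deserialization
// via readResolve. Keep all instance fields transient: a non-transient
// reference field is still deserialized before readResolve runs.
final class Elvis implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final Elvis INSTANCE = new Elvis();

    private Elvis() {}

    public static Elvis getInstance() { return INSTANCE; }

    // ObjectInputStream calls this after building a fresh Elvis from the
    // stream; that fresh object is discarded and INSTANCE is returned.
    private Object readResolve() throws ObjectStreamException {
        return INSTANCE;
    }
}

// Enum alternative: the JVM serializes enum constants by name and refuses
// to construct them reflectively, so no readResolve is needed.
enum ElvisEnum {
    INSTANCE;
}

public class ReadResolveDemo {
    // Serialize an object to a byte array and read it back (constructed
    // in-memory round trip, no files involved).
    static <T> T roundTrip(T obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            @SuppressWarnings("unchecked")
            T copy = (T) ois.readObject();
            return copy;
        }
    }

    public static void main(String[] args) throws Exception {
        Elvis copy = roundTrip(Elvis.getInstance());
        System.out.println("readResolve singleton preserved: "
                + (copy == Elvis.getInstance()));
        ElvisEnum e = roundTrip(ElvisEnum.INSTANCE);
        System.out.println("enum singleton preserved: "
                + (e == ElvisEnum.INSTANCE));
    }
}
```

To see the problem readResolve solves, delete the readResolve method and rerun: the identity check then reports a second Elvis instance.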