Consumers and businesses in the UK lost an estimated £27bn in 2012 through cybercrime. More than £600m of this was through so-called "phishing" attacks.
Sometimes it is easy to tell if an email is fraudulent - for example, if there are spelling mistakes in an email which is supposed to have come from a multinational company, if the language or branding is not quite right, or if you're not actually a customer of the company which has emailed you as if you were. And although companies do sometimes make stupid mistakes with the details of their customers, if a company of which you have been a customer for years approaches you and gets your details wrong, you are fully entitled to assume it's not actually them, but a fraudster.
However, some of the fraudsters are very clever: they steal the actual logos and styles, use the names of real officials of the company they are pretending to contact you from, and sometimes give you real information.
The rules I always use to test the validity of an email, if there is nothing obviously wrong with it, involve asking myself:
1) Should the company which this message purports to come from need to ask me these questions?
2) Could what I'm being asked for be useful to a fraudster?
And if in doubt, always check!
No company that has sent you a genuine email should mind if you phone them to check whether it really is authentic.
Most companies have an email address to which you can report suspected fraud, such as firstname.lastname@example.org, and if you notify them of a suspect email through one of these addresses, they will take action against the fraudsters.