When you get hit with something, you can contact the company yourself if you think there may be a legitimate question on their part. More likely, it's a spoof (phishing) attempt. Report them. Go to the site of the company itself, find the address that most of those companies give you, and then turn in the scumbags.
Here is a cute thing that I got from "PayPal". Or so it claims:
They try to scare you into working fast. But...where's my name? This is "PayPal member", and that's my first warning. And no, looking at the "from" field in the e-mail is not an indicator, because those are easily faked; if I wanted to, I could send you e-mail from "Satan@Hell.com" and it would appear real until someone checked the headers of the e-mail.
After checking with PayPal's site and forwarding it to them, I wanted to have some fun. I have clicked on these things before (including a "request for information" from a company where I did not even have a credit card), and filled in junk. Don't do this at home, though. I have excellent security on my system, capice? My next protection kicked in:
Anyway, I know I'm rambling. Just remember, kids, don't give out personal information to your "bank" or other "financial institution". It's probably not them at all, capice?