I got one from Citi Bank last week asking me to verify my credit card info. The scary part is how did they know I have a Citi Bank credit card?
They didn't. If you didn't have one, you'd just ignore the email.
They probably didn't. Citi is one of the big ones, so they just take the chance that a large number of people have a Citi card.
I get them, trying to get my Citi card number and my Wells Fargo number, and I have never used anything from Wells Fargo.
Now one thing that was very scary to me was that I wanted to buy something from Ebay, and they seller only accepted Paypal. I had a Paypal account for a few years, but I never used it and never had any money in it or connected it to a credit card.
I wanted to bid on an item on Ebay, so I connected the Paypal account to my credit card and the very next day I received a phishing e-mail from "Paypal"! Coincidence or not? Not sure.
And I can see how people would have been tricked by it. It was an HTML e-mail asking me to update some Paypal information, and it used graphics referenced right off the Paypal site (www.paypal.com).
The only piece of the e-mail that wasn't from www.paypal.com was the link to click and that went to an IP address, which I traced down to a server in Taiwan. The e-mail looked very real, and came at a time right after I enabled my Paypal account - it would have been very easy to be tricked.