Having spent my years at NASA in computer security, let me say this:
Never respond to any of these types of email. The link that you may see may not be the actual link that you will be redirected to. It is very easy to create a hyperlink that redirects you to a phishing site. Many of the emails that are sent, are redirected back to the same web site, usually overseas and not easily obtained by law enforcement.
Many of you may have received email from Nigeria. That scam has been going on for 20 years (Started as mail, then FAX, then email) and the responsibility for trying to catch the frauds is the United States Secret Service. (Go to there site and search on "Nigeria") By the way, that scam is the third per-capita income for that country.
If you do not know the person that has sent you an email, you are best off just deleting it. I personally do not allow HTML email to come into my email box. It is converted to plain text or junked. HTML Email is dangerous and can contain code that can automatically run when opened. I never open a link that I did not solicit.
When dealing with web sites and you need to provide information, such as when you are on-line banking, make sure that the site begins with HTTPS:// The "S" indicates a secure socket layer, or "encrypted" site. Although not totally foolproof, it does defeat most lurkers.
If you think "lead" in products from china are the only thing, they are heavy into trying to break into U.S. Infrastructure.
We are only as strong as our weakest link.
Semper Fi!
p.s., What you see in your email is not the full email. There are embedded headers that are needed by the companies being "spoofed." Depending on your email client, depends on how you get the full header. If you are going to forward your email to the abuse police at any institution, you need to provide the full header. Typically you can seed it to
ABUSE@(whatever.com) or
POSTMASTER@(whatever.comm) Example:
abuse@paypal.com,
postmaster@paypal.com (send it to both - if they get bounced back, try .net or .org.