ANY form letter/request that asks you for any personal info should be considered bogus. No legitimate entity you are dealing with will ask for info such as your SSN, you credit card info and such. If there is a legitimate need for it they will already have it on file (use this same rule of thumb for phone calls asking for the information.)

Don't let them install active x or cookies into your system - who knows what future evil they will cause. I don't even open 99.9% of these phishing scams. Every once in a while I will forward the ebay/PayPal ones on to them, but generally they are immediatley deleted from my system (not just deleted from the inbox, I chase them down in the "deleted items' folder and delete them again to do my best to kill them off.

You give them even half the info they asked Bob for and I can pretty much guarantee your identity will be cloned and you will spend years trying to recover.

If in doubt, call the company and ask. Don't use the phone number in the email or that the person on the phone gives you because it will also take you to a fake call center. Search your files or google them or call information for a phone number.