P.T. Barnum famously said, "There's a sucker born every minute." That's exactly what identity thieves are hoping for.
One of the most common ways thieves are stealing personal information is through phishing. The practice works like this: you receive an unsolicited e-mail that appears to be from a legitimate source, like your bank or credit union. The e-mail asks you to click on a link that becomes a pop-up window in which you are asked to verify your personal, banking or credit card information. The message is marked urgent, and sometimes might even say your account will be closed if you don't provide the necessary information.
Very often, these e-mails also contain malware which, once it has infiltrated your computer, will provide a criminal with your most personal details. Once he has your information, he can commit crimes, obtain loans, employment and health care, and empty your bank accounts.
A legitimate business will never send you a message asking for your private details. Don't follow instructions or click on links given in an e-mail message, even though it might appear to be real. Verify that a message has been sent by contacting the bank or company directly.
You can't possibly know about every scam out there. But it does pay to understand how they work, and how to recognize them. The best possible advice in this situation is this: when you're unsure about something, don't click or respond. Period.