My bank recommends that you forward these emails to the FTC at
[email protected] . Just forward the email, don't change or retype the subject line so they can trace it properly, then delete it from your inbox.
I've only ever gotten one of these emails in my life, the guy got lucky and I had an account at the bank he spoofed. Unfortunately, my bank doesn't have my work email information, and that's where the email went, so it set off an alarm... then I realized, my bank never emails me, except for the rare occasion when they send me one that says, open a browser, go to our page, login, and go to your message center.
So I was bored at work and decided to trace the email back to its source, and send all the trace info along with the email to the ftc, and the ISP that it was sent from.
I'm sure it was some poor fool with a zombificated PC due to a virus or something, but I honestly believe that computers should be like guns, if you're stupid enough not to reasonably secure yours, you should be liable.