Lizzie, this is indeed a scam, an increasingly common type known as "Phishing". I asked Lloyds TSB recently what action they took after receiving one proporting to be from Lloyds. They said they actively pursued taking legal action and having the accounts suspended via the ISP even when they originate in the far east. I was quite impressed with this.

If you are unsure in any way, always call before divulging any personal data online.

The single key fact which will differenciate valid operators from phishers, is that they will never (even over the phone, in the case of most of the banks I have dealt with) ask you to divulge all of your details in one go. Requests for pins or passwords should be restricted to certain characters (e.g. 1st & 3rd digits of pin plus 4th, 8th & 9th of password).
Some services may also specify the use of two or the "special words", which are the answers to specific questions (Nationwide use this method), but again they will never ask for all three in one single transaction.
Nor will they ever ask you for credit card details.

I have to deal these on a daily basis, and my advice is the same as I given here.

(Edited by gobstopper 29/03/2005 22:01)

Yes, the important thing to remember is that your bank will never need you to confirm details about your account - they already know these!