If you mosey over to news.admin.net-absue.email and Google for terms like "how to read email headers" you will find out how easy it is to verify that these are fake.
You can use the same techniques to find out who owns a webpage (up to a point, the criminals work through fronts but legit companies do not.)
Of course it is usually pretty easy to identify the fakes just from the text. They always ask for information a legitimate company will not, like your PIN or password, Social Security Account Number and so on.