Yes the latest flurry came from NMU Bank (which I don't have an account and I don't think they operate in this state.)

I got one, then the next day, two more, then Monday four of the requests. They all say that someone has been attempting to login to my accounts with multiple password attempts. Please confirm, Blah, Blah, Blah

Just so it doesn't seem that it's always something about account information. Some of these look like warnings.

They always have the link to www.realbank.com's address, but if you move the cursor over that link it will show an IP address with a long server name.

These do usually come from Russia or an international hijacked site that is made to look like the real site.

Meanwhile back to the meat.

If you don't have the urge to forward them to abuse@therealbank.com, just delete and ignore them.Don't reply under any circumstances because your address will be collected.

Almost every website has a "catch-all" malbox for the system operator, so if you send it to Spam or abuse or alert or whatever, there's a very good chance that it will get back to them.

Some will just bounce, no such user, in which case, they just don't care?