I think the kindest(?) or business effective thing to do is ask your IT dept/ or whoever is in charge to forward a copy of the email to the supplier firm's Manager/IT dept. with a polite note requesting that they check on hoax-slayer.com click here before sending out this type of email.
I would also point out their major faux-pas in disclosing all their clients names/email addresses in the header.
It was probably sent by a junior in the office who doesn't know any better (yet) and I would think that his/her manager needs to do a bit of inhouse training - and quickly.