Verbatim from the Attorney General's office:
A classic scam is now targeting Apple users. The very common “phishing” scam is constantly being revised by con artists to target a larger pool of potential victims. Currently, scammers are using emails to target Apple users by falsely claiming that your Apple ID, iCloud or iTunes account has been comprised. You are then asked to provide personal information to rectify the problem.
“Because there is a large percentage of Apple users, these cons are using the Apple name to cast a wide net to phish for potential victims,” said Attorney General Hood. “That’s why it is important to think twice about any action you take online asking you to provide personal information. Legitimate companies like Apple never ask you to provide such information to them through an email.”
The danger for most people using iCloud is that they often back their cellular devices up to it. In the event this account is compromised, the attacker could gain access to very sensitive and personal information stored on those backups. These phishing websites can look similar to the legitimate ones. Very often, the scam comes in the form of a fake email (see example below) which will prompt you to click on a link and visit one of these phishing websites to “update your account information.”
To avoid this scam make sure you are in the iTunes application directly, not through a web browser. If you are asked to update your account information, make sure that you do so only in iTunes or on a legitimate page on Apple.com, such as the online Apple Store.
If you suspect your Apple ID, iCloud or iTunes account has been compromised, change the password immediately and/or contact Apple and advise them your account’s security has been compromised. If you have received a suspicious email, please notify iTunes Customer Support by visiting www.apple.com/support/itunes/store. ‘
Sample of phishing email:
> iCloud ID – xxxx This is the final message to inform you as of 22 – February – 2015 that you have not yet updated your Apple ID details. Under “Know your Customer” legislation Apple Inc is required to carry out a verification of your information, failure to complete this validation will result in deletion of your iCloud within the next three days. Please click below to » Login to your Apple/iCloud ID To cancel the deletion of your Apple & iCloud ID please proceed to your Apple ID information before the deadline. Resolution Validation Request: #L8FHI20121711925 Sincerely, iGenius Helpteam