Apple will always address you by your name or the name they have on file for you, not Dear Customer, Dear Client or by using your e-mail address. The e-mail will be from @apple.com or @iTunes.com. E-mail addresses can be spoofed. You can go to Mail/View/Message/Show all Headers to see more. Apple emails won't have poor grammar/misspellings. Apple e-mails will never contain an attachment. Apple will never request personal information by email such as Social Security numbers, your Mother’s maiden name or full credit card numbers .
The only exception to the above I have noticed is if you order something from the Apple Store (apple.com), your receipt will be addressed to Dear Apple Customer. That is a receipt for a purchase you initiated.
Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams. *
Identifying legitimate emails from the iTunes Store. *
She can also add 2 Factor Authentication to her account for more security. If the attempts continue, she might want to consider a name change.
Link to contact Apple Support in the article.
Apple ID has been compromised. *
Security and your Apple ID. *
Device and Data Access when Personal Safety is At Risk -
Checklist: If you want to see if anyone else has access to your device or accounts *
Note the restrictions in the article.
Apple ID Name Change. *
What to do after you change your Apple ID or password - Apple Support * I suggest doing this before you change your Apple ID or password.
Apple ID -Two-factor authentication *
Two Factor Authentification availability. *
2 Factor Authentication - How to generate a recovery key. *
Apple ID - Using app-specific passwords. *
Apple ID - Two Step Verifications FAQ *
