Here's more, some of which is not in Apple's documents referenced in my previous post. I am therefore posting it separately since it is not part of Apple's official guidelines. However, it probably has more specifics to actually aid in identifying bogus messages.
- Apple e-mails address you by your real name, not something like "Dear Customer", "Dear Client", or an e-mail address*.
- Apple e-mails originate from @apple.com or @itunes.com but it is possible to spoof a sender address. "Apple email related to your Apple ID account always comes from appleid@id.apple.com." - About your Apple ID email addresses - Apple Support
- Set your email to display Show Headers or Show Original to view Received From. Apple emails originate from IP addresses starting with "17.".
- Mouse-over links to see if they direct to real Apple web sites. Do not click on them as this just tells the spammer they have a working e-mail address in their database. If you are unsure, contact Apple using a link from the Apple.com web site, not one in an email.
- Phishing emails may include account suspension or similar threats in order to panic you into clicking on a link without thinking. They may report a fake purchase in order to infuriate you into rashly clicking on a false link to report a problem. March 2018 post by Niel https://discussions.apple.com/message/33129140#message33129140 - "Emails saying that your Apple ID has been locked or disabled are always phishing. If one actually gets disabled, its owner will be told when they try logging into it instead of through email."
- Apple will not ask for personal information in an e-mail and never for a social security number.
- Scams may have bad grammar or spelling mistakes.
- Apple will not phone you unless it is in response to a request from you to have them call you.
* Exception: https://discussions.apple.com/message/33701414#message33701414
Forward email attempts as an attachment (in MacOS Mail use the paperclip icon) to: reportphishing@apple.com then delete it.