Scams (e-mail, text messages, and phone calls) are getting very good at closely imitating true Apple communications. Always be cautious. These support articles have some guidelines:
About identifying legitimate emails from the App Store and iTunes Store --> Identify legitimate emails from the App Store or iTunes Store - Apple Support
Recognize and avoid phishing messages, phony support calls, and other scams - Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support
Avoid scams when you use Apple Cash --> https://support.apple.com/HT208226
Apple 'How to identify, avoid, and report phishing' video--> https://youtu.be/SR3Z3fXXjfw
About Gift Card Scams --> About Gift Card Scams - Official Apple Support
If you are uncertain about a message and a resource provided in that message, do not click on any links in the message. Try to use an Apple resource you know is valid to independently verify what the message is claiming. Go to a support article page on apple.com and use the instructions in the article to verify though Apple itself, or use an Apple device feature such as Settings or an Apple app. To ask Apple start at this web page: Official Apple Support
- Apple e-mails address you by your real name, not something like "Dear Customer", "Dear Client", or an e-mail address*.
- Apple e-mails originate from @apple.com or @itunes.com but it is possible to spoof a sender address. "Apple email related to your Apple ID account always comes from appleid@id.apple.com." - About your Apple ID email addresses - Apple Support
- Set your email to display Show Headers or Show Original to view Received From. Apple emails originate from IP addresses starting with "17.".
- Mouse-over links to see if they direct to real Apple web sites. Do not click on them as this just tells the spammer they have a working e-mail address in their database. If you are unsure, contact Apple using a link from the Apple.com web site, not one in an email.
- Phishing emails may include account suspension or similar threats in order to panic you into clicking on a link without thinking. They may report a fake purchase in order to infuriate you into rashly clicking on a false link to report a problem. March 2018 post by Niel https://discussions.apple.com/message/33129140#message33129140 - "Emails saying that your Apple ID has been locked or disabled are always phishing. If one actually gets disabled, its owner will be told when they try logging into it instead of through email."
- Apple will not ask for personal information in an e-mail and never for a social security number.
- Scams may have bad grammar or spelling mistakes.
- Apple will not phone you unless it is in response to a request from you to have them call you.
* Exception: https://discussions.apple.com/thread/8483395?answerId=33701414022#33701414022
Forward email attempts as an attachment (in MacOS Mail use the paperclip icon) to: reportphishing@apple.com then delete it.
