How do you tell if it is legitimate?
Look at some of the "tells" (to use a poker expression).
- Look at the email address the email is supposed to be from. Does it make sense?
- Look at the email headers. Do they show it coming from the server that they claim it is from, or do they show as coming from "hotmail.com", "yahoo.com", or some other domain?
- Take a hard look at the link they are asking you to use. Does it have an address in the readable part, or just some text saying something like "click here"? If they don't spell out the actual link, be weary.
- If your email client supports it, hover your mouse pointer over the link and look in the lower edge of the window to see where the link is really trying to send you. If the actual link doesn't match the link path, once again, be very cautious.
- Look closely at that link and make sure it is really sending you where the say they are sending you. In your example, they are sending you to "http://argskill.net/helpin.php". Does "argskil.net" sound like an iCloud related web site?
- For emails coming from US based companies, watch for misspellings, broken english, etc. all which indicate that they are not from a US corporation, and are quite probably from someone who doesn't speak english natively.
Your "tiny" email above fails several of these signs, to it is most likely not legitmate. If you are still concerned about this, you can go directly to iCloud.com or apple.com and check for yourself. If they are sending you an email, they should also have something on their website for you to double-check this information.
I did not see your post and just sent the following new one . . . The suspecious message from the "iCloud Security Center" appears to be going around!
Message posted today (with the font as it came, shown in my post:
I have received several eMails in the last couple of days from "iCloud Support Center" that look suspicious. They have been addressed to my & my wife's me.com and mac.com addresses. The address from which they came is: iCloud <firstname.lastname@example.org>
I'm assuming these are not legitimate - am I wrong? The message is:
You could be infected with spyware. Press this link to protect your account.
We have not clicked the indicated Link.