Q: Is this spam?

Identifying fraudulent "phishing" email - Apple Support

You can use this page next time you receive one of these.

That is irrelevant, and part of the scam. Run a Whois lookup and you'll find the domain account-imessage.com is NOT owned by Apple. Going to that domain in a browser redirects to https://appleid.apple.com which makes it seem like it could be owned by Apple... however it's just a redirect. This message, with the exact same body (including the name "Dan 's iPhone", along with the same IP and OS), is being sent to lots of people. This is a pretty sophisticated phishing scam.

I just got the same message as well...

It may or may not be legitimate, but to be safe open a browser and enter https://appleid.apple.com. Log in there and check.

If I get an email from "Apple" inviting me to log in from a link provided in the email, I always take that to be a phishing scam.  Go to the actual website and log in there.

IPs can be spoofed. Don't judge the authenticity of a site based on IP alone.

questionasker3 wrote:

 

IPs can be spoofed. Don't judge the authenticity of a site based on IP alone.

Time for a sanity check. No, IP addresses cannot be spoofed. Your router may have malware that will redirect an IP address, but that isn't spoofing, and is about as likely as you winning the lottery.

URLs cannot be spoofed either; however what you see in blue in a link is a LABEL, not where the link actually goes. For example, the blue text may say appleid.apple.com, but if you click it you can be sent to MalwareRUs.ru. Fortunately, with all modern browsers if you hover your mouse over the blue label it will display the actual target URL, and if it doesn't match what was in blue don't click on it. But even if you click on it by mistake you will know immediately, because the address bar at the top of your browser will display MalwareRUs.ru.

Regarding URLs, the key element is the end of it, or the last part before the first single slash. So appleid.apple.com is a legitimate Apple URL. As is apple.com/store, because the last thing before the first slash is apple.com.

According to Apple support the following message received 11.15.2015 on iMessage iPhone 6 is NOT from Apple:

Your Apple ID [REDACTED]  was signed in iMessage on Dan 's iPhone.

Device: iPhone 5c

IP address：17.172.224.47

OS: iOS 8.2

If you believe an unauthorized person accessed your account, please sign in and manage your account immediately by going to [REDACTED URL]

Thanks

Apple Support