iPhone XS and XS Max in silver, space gray, and gold.
Apple Shares Tips on Avoiding App Store and iTunes Phishing Emails
In the document, Apple outlines techniques to identify an actual App Store or iTunes email, which the company says will always include a current billing address, something scammers are unlikely to have access to.
Apple also says that emails from the App Store, iBooks Store, iTunes Store, or Apple Music will never ask customers to provide details like a Social Security Number, mother's maiden name, a credit card number, or a credit card CCV code.
Apple recommends that customers who receive emails asking them to update their account or payment information do so directly in the Settings app on an iPhone, iPad, or iPod touch, in iTunes or the App Store on a Mac, or in iTunes on a PC rather than through any kind of web interface.
Customers who receive a suspicious email can forward it to firstname.lastname@example.org, and any customer who may have entered personal information on a scam website should update their Apple ID password immediately.
Scam and phishing emails like those Apple describes in this support document are not new, but at the current time, there's a new wave of legitimate-looking emails going around that look much like Apple emails that can easily fool customers who don't know what to look for.