An App Store phishing scam has been making the rounds, and the emails look similar to the real thing. People have reported getting a fake receipt that claims to be a purchase confirmation from Apple (via Wired).
App Store Phishing
The email claims to be a purchase confirmation. Most of these emails have a PDF document attached. The file doesn’t appear to contain malware, but it does contain special URLs that send you to malicious websites.
When you open one of the URLs, it takes you to a fake website that mimics the appearance of the real Apple website. If you enter your username and password, you’ll get an alert saying your account has been locked for security reasons. If you click that alert, it asks you to enter more personal information to “verify” your identity: data like your Social Security number, name, address, and even your driver’s license and passport number.
There are a couple of ways to ensure you go to the real site and not a fake one. First, don’t click on any link in these emails. Type the address into the browser bar directly. You can also look at the email address of the sender. Finally, you can report phishing emails to Apple by forwarding them to email@example.com.
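The two checks described above (look at the sender's address, and distrust the links inside the attached PDF) can be automated for triage. The following is an added example, not code from the article or from Apple: the trusted-domain list is an assumption, the sample email and PDF bytes are constructed, and the PDF scan only reads link targets stored in uncompressed objects.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: hosts accepted as genuine Apple domains for this example.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")

# Link annotations in a PDF store their target as "/URI (https://...)".
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def pdf_link_targets(pdf_bytes):
    """Return link URLs found in uncompressed PDF objects."""
    return [re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")
            for raw in URI_RE.findall(pdf_bytes)]

def review_receipt(raw_email, pdf_bytes):
    """List the sender address and PDF links that are not on a trusted domain."""
    findings = []
    sender = parseaddr(message_from_string(raw_email).get("From", ""))[1]
    # A matching From address can still be forged; a mismatch is the useful signal.
    if not is_trusted_host(sender.rpartition("@")[2]):
        findings.append(("sender", sender))
    for url in pdf_link_targets(pdf_bytes):
        if not is_trusted_host(urlsplit(url).hostname):
            findings.append(("link", url))
    return findings

# Constructed sample input (not taken from a real message).
SAMPLE_EMAIL = (
    "From: Apple Support <receipts@apple.com.billing-example.test>\n"
    "Subject: Your receipt from Apple\n\n"
    "Your purchase confirmation is attached.\n"
)
SAMPLE_PDF = (
    b"1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://appleid.apple.com.verify-example.test/signin) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://www.apple.com/legal/) >> >> endobj\n"
)

if __name__ == "__main__":
    for kind, value in review_receipt(SAMPLE_EMAIL, SAMPLE_PDF):
        print(f"suspicious {kind}: {value}")
```

Both flagged values start with an Apple-looking name, but the part of the host that decides ownership is its right-hand end, which is why the check compares suffixes rather than searching for "apple.com" anywhere in the string.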