Refer attached edited screen shots. Messages like these occasionally arrive in my mail. Each message can be confirmed as a scam in the Mail app by placing the cursor over the link the user is expected to click on and just waiting a few moments. A box appears displaying the destination for the link which, in this case, is not apple.com. There are other anomalies in the message but a hurried user may not notice them.
It’s best users be aware of this type of ‘phishing’ scam whereby crooks send deceptive messages to get unsuspecting users to enter their account access details into a webpage that presumably looks like (in this case) Apple’s real website.
Once the crooks have the user's details, depending on what the Apple account is used for, the crooks could cause havoc for the user's life and business.
We can expect the scams to get more and more believable over time. If some site is asking for your account details, consider it suspect until proven innocent. One way to reduce the risk of falling victim is to NOT intuitively and casually click on links from messages unless you trust the source because it won’t always be harmless to simply load a website. Some links can be personalised so that the crooks will know which user’s address simply opened the website, even if nothing was entered into the page, which will then confirm for the crooks that the address is a legitimate one and that the user is keen to hit those links. Such users would likely then be targeted more.
In recent months Apple has improved its security measures that are available to users to reduce risk of others accessing the account. Some of these security changes are passive in that we need not make changes ourselves, but the best protection means we need make some active choices about the account.
Much of Apple's security overview may be found from this link: http://support.apple.com/en-us/HT202303
The page mentions 2-step verification which eSage recommends be turned on if the account is an important one.