Two years after the phishing of John Podesta, Apple posted—but did not push—this warning to users: Identify legitimate emails from the App Store or iTunes Store
From a friend of the blog:
Phil, I get this kind of phishing shit constantly. Some of the emails look a lot more authentic than this one. Can Apple do anything to put such criminals behind bars? Does Apple care? Their customers are being preyed upon.
Click to enlarge.
My take: I take no comfort from the fact that Podesta was using gmail. Any fool can get phished.
Pro tip: Legitimate Apple emails come from apple.com.