Playing off the now-common practice of companies sending emails for logins from new IP addresses and so on, this latest type of phishing email is very dangerous.
Do NOT click on links in emails (in general), particularly ones like this.
See also other security topics.
This one even uses a font similar to what Apple uses:
NEVER (well, almost never) click on links in emails. Well, almost never; if it arrived right after you yourself requested a password reset—that’s a reasonable case. Otherwise, if you were born yesterday and actually think it is legit, go to the claimed site by entering the web address manually, e.g., apple.com or whatever.
In MPG’s view, Apple Mail is remiss in not adding technology to counter such emails, if only popping up a little display with the URL when the link is moused-over. It’s just insanely discourteous to users that features like that are not there, at least as an option.