Playing off the now-common practice of companies sending emails for logins from new IP addresses and so on, this latest type of phishing email is very dangerous.
NEVER CLICK ON LINKS in EMAILS (in general), particularly ones like this.
This one even uses a font similar to what Apple uses:
Well, almost never; if it arrived right after you yourself requested a password reset—that’s a reasonable case. Otherwise, if you were born yesterday and actually think it is legit, go to the claimed site by entering the web address manually, e.g., type in apple.com or whatever.
In MPG’s view, Apple Mail is remiss in not adding technology to counter such emails, if only popping up a little display with the URL when the link is moused-over. It’s just insane in this day and age to not have much better intelligence in Mail softtware—self driving cars while phishing runs rampant?