With over 800 million active accounts, according to Apple's most recent tally, criminals have a large target to hit, and the easiest way to do it is via classic phishing campaigns.
In one of the most recent of such attacks, users are receiving emails from firstname.lastname@example.org in which they are told about a limitation on their account. To remove it, users need to log into their accounts and update their data.
The email uses the same graphic style of actual Apple emails, but if users are careful enough, they could easily spot the problem inside the sender's email address, which lacks an "l" from the domain name (appe.com).
In case users are careless and click the link provided in the email, they'll land on a phony Apple website, where all the data they enter is recorded in the criminal's database, including details regarding credit card information.
Source : http://news.softpedia.com/news/beware-of-a-new-apple-id-phishing-campaign-495896.shtml