There is a clever phishing scheme now where the attacker sends an email that purports to be from Apple advising you of an overseas purchase of a game from iTunes for about $50. There is a PDF of the receipt and a link to challenge it. Previously, there may have been another email without attachments advising of the purchase. If you run the cursor over the sender, it doesn't have Apple in the domain name.
This scheme is a little more complex than a lot of them. You can forward it to "reportphishing" at apple.com