The Mac Security Blog warns of a new phishing scam in circulation that tries to trick users into updating their Apple ID billing information, in hopes of stealing it for nefarious purposes.
A vast phishing attack has broken out, beginning on or around Christmas day, with e-mails being sent with the subject “Apple update your Billing Information.” These well-crafted e-mails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time. The messages claim to come from “firstname.lastname@example.org.”
The email looks pretty legitimate, but upon hovering over the link you'll notice it points to an obviously fake Apple website asking you to enter your Apple ID credentials, and it's all downhill from there.
As always, never click on links in an email -- type them in yourself in a browser. When you get phishing emails, mark as spam and wash your hands of the worry. Done and done.