
In this apple phishing email example, the problem is called a subdomain attack. Always look for the dot within the email. This one is tricky since some legitimate companies use subdomains.
The critical thing to look for is random subdomain names. For instance, why would it be “apple.idhelp” when “apple.help” would suffice.
Again if you suspect a phishing attempt from apple, then check their support page.