
Apple notes that all official Apple emails will come from an @apple.com domain and only from there.
Security firm Intego, which brought the attack to national attention, says the redirect link will take users to a numbered IP address and not an Apple URL. The sign-in page asked for personal info and credit card info tied to your Apple ID.
The attack began right after Christmas, preying on the expected surge in Apple Mac purchases.