This weekend my mom alerted me to an email she received from "Apple" a while ago that someone logged into her iCloud account and asked if she should be concerned.
I panicked. The email claimed someone running Firefox on a windows PC accessed her account some time ago. I panicked - has AppleID been compromised? I thought we had two-factor authentication turned on. We use 1Password. How did this happen?
Then I looked at the email again and hovered over the link that supposedly went to the Apple ID page and saw it directed us to a scam site. (Unfortunately, that doesn't show in the screenshot.) . The spoof email, though one of the best I have seen at matching the look and feel of a real Apple email, including my mom's email address, wasn't from Apple at all.
Just a reminder to be careful out there...