A lot has been written about this. Classic phishing, email from support@icloud.com to urge you to do something (stupid). Rule one with such emails, check the sender, for example on MacOS:
That’s an official Apple address, WTF? The funny thing is that most blogs ignore this fact and apparently accept it as possible. Really? Apple should be in full control of this email domain. Someone suggested that it’s just a user email address, like somebody has an AppleID called “support”. Of course not.
The truth is much simpler and anybody can find it. Just display the real, i.e. raw, email content with a font like courier. Mail on MacOS has a menu option View->Message->Raw Source that does just that:
Check the From line near the end:
From: iCIoud <support@icIoud.com>
or lower-case: icioud.com. That is not an Apple domain, according to WHOIS:
So it’s classic phishing after all. Smart use of font and capital ambiguities though..