Received the attached text last night - almost got me to believe it was real (and I'm vigilant about these things). It comes up as being from 'Apple' and was addressed to my full name. My friend received one too, so it must have been a widespread thing. He went as far as giving his initial log in and address details before realising something was wrong - luckily he hadn't yet filled out the card details they ask for (he's since changed his Apple ID password - do you think he should cancel his cards as well? He didn't put in any financial information). According to my friend, the link on that text redirects to a perfect emulation of the Apple ID page (and the link address is a plausible one too). Probably the most realistic one of these I've seen. What's the best way to report this to Apple?