Poor analogy and still not explanatory.
Anyway, I would have received an email notifying me of the phisher's log in.
Not that it matters. The phone is gone and my personal data is pretty worthless.
As was mentioned, these are not official Apple sites. This looks like a pretty clear attempt to get your information. If you enter your Apple ID and password, the person who stole your iPhone will be able to turn off Activation Lock, making it usable. Phishing attempts are common after having a device stolen because the thief wants to be able to remove the restrictions, so it's definitely something to be hyper vigilant about.
Apple doesn't send those type of alerts via iMessage and that's not accurate wording. Unless you type iCloud.com into your browser yourself, don't enter your information into any iCloud link you get through email or a text message.