This one’s good. It sends a user a notice indicating that a purchase was made on their Apple ID, and provides a link to a refund request form. The form asks for your Apple login info, name, address, date of birth, and full payment card information.
DO NOT EVER FILL THIS OUT FOR A REFUND!
The refund page is quite well done. It re-creates the Apple Store feel, so it’s bound to make more than a few people fall for it. But a refund page should never EVER ask for the full payment card info, and probably won’t be asking you for address and DOB, either. At most, they just need the order number (often, this is invisible to the user). You verify SOME personal data (usually the login info and maybe order number), and the refund is processed through the merchant’s own processes.
They do not need your full card information again.
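For anyone triaging a reported "refund" page, the rule above can be turned into a quick check of which data the form asks for. This is an added example, not code from the original post or from KnowBe4; the keyword patterns and both sample forms are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Data categories the post says a refund form has no reason to collect.
# The keyword patterns are assumptions for this example, not a vetted rule set.
EXCESSIVE = {
    "payment card": re.compile(r"card|\bcc-|cvv|cvc|csc|expir", re.I),
    "date of birth": re.compile(r"\bdob\b|birth|bday", re.I),
    "address": re.compile(r"street|post(al)?[-_ ]?code|zip|address[-_ ]?line", re.I),
}

class FormFieldCollector(HTMLParser):
    """Collects the purpose hints of every input, select and textarea."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            a = dict(attrs)
            # name, id, placeholder and autocomplete all hint at what is requested
            keys = ("name", "id", "placeholder", "autocomplete")
            self.fields.append(" ".join(a.get(k) or "" for k in keys))

def excessive_fields(html):
    """Return the sorted categories a refund form requests but should not need."""
    collector = FormFieldCollector()
    collector.feed(html)
    found = set()
    for hint in collector.fields:
        for category, pattern in EXCESSIVE.items():
            if pattern.search(hint):
                found.add(category)
    return sorted(found)

# Constructed sample markup, not taken from the real phishing page.
PHISH_FORM = """<form action="/refund">
  <input name="appleid"> <input type="password" name="password">
  <input name="fullname"> <input name="address-line1"> <input name="postcode">
  <input name="dob" placeholder="DD/MM/YYYY">
  <input name="cardnumber" autocomplete="cc-number">
  <input name="expiry"> <input name="cvv" />
</form>"""
LEGIT_FORM = """<form action="/refund">
  <input name="appleid"> <input type="password" name="password">
  <input name="order-number">
</form>"""

if __name__ == "__main__":
    print("phish-like form asks for:", excessive_fields(PHISH_FORM))
    print("login + order number form asks for:", excessive_fields(LEGIT_FORM))
```

A non-empty result is a reason to escalate the page for review, not proof of phishing, and an empty result does not make a page safe.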
Right now, we’re seeing this in the U.K., but it’s common for phishing campaigns to start there, and then migrate to the U.S. when some of the “bugs” are ironed out.
For details, including screenshots, visit KnowBe4’s blog post on the topic.