This is a great article that everybody should read. We all like to think we would never fall for a phishing scam, but it's sometimes easy to forget yourself. Even I have occasionally seen a scam-mail message and, for a moment, considered that it might be real. Fortunately, I've never believed it long enough to click on a link or give the scammers any information, but not everybody is that observant and some scams are better-crafted than others.
This file is a walk-through a scam that is currently making the rounds of the internet, along with lots of notes about what should be red-flags for you and what you should look out for.
Without rehashing the entire article (please go read it), the biggest telltale is the URL that the links point to. An official mail message from a legitimate corporation will direct you to a URL that belongs to the corporation's domain, and will come from a mail server that belongs to that corporation's domain. Apple will never send you mail from a Gmail account, and a government agency won't use a free-mail service for official business.
(Yes, I'm aware that Lois Lerner used a personal mailbox for official business as a part of her activities in the IRS scandal. That doesn't change what I wrote above, since she was almost certainly using this mailbox as a part of criminal activity.)