A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. These emails contain a PDF attachment that pretends to be a receipt for an app that was purchased by your account for $30 USD and tells you to click a link if the transaction was unauthorized. Once a user clicks the link, down the rabbit hole they go.
I first learned about this campaign this weekend when three different people during the course of a single weekend told me that they had received an email stating that they purchased an app from the Apple App Store when they know that they did not. It was not until I started researching this campaign that I learned how widespread it is.