An iOS bug, introduced in the last update (8.3), allows a fake iCloud login prompt to be inserted in an email. Here's the article at ars: <
Serious iOS bug makes it easy to steal users’ iCloud passwords>
So far this is just a "proof of concept". If you have any question about an iCloud login request, especially while using Mail, just press your Home button. A true login prompt is a modal dialog, meaning you must enter the requested info to get rid of the window. If the request if valid, pressing the Home button will do nothing. If this fake request goes away when you press the Home button, delete the message, immediately.
