@Kryten: I'm glad you posted this. Sure, most of us have obtained similar emails, but it never hurts to show people how easily they could get caught and what to check.
For example, as Moderator Ashwin said, click on the Sender's name and you will almost certainly see something like - xyzzy.apple.resource.net.com
Next: check how you they addressed you. Apple, in particular, but many others too, will have learnt how you wish to be addressed. Dear Mr Smith, Dear Mr M Smith, Dear Mike Smith, Dear Mike etc
Next: check the grammar and spelling. Often these are atrocious.
Never click on an included link that is supposed to take you to security, or Sales, or the Depot............
Don't worry in your case that they got your Apple ID Username. That's just your email address. Nothing difficult in finding what that is.
Some of the cleverest ones I've had, exactly mimicked the font and website layout of the real Sender - often a bank, building society, telephone provider (I used to get loads from BT = British Telecom for those outside the uk.).
Another great one is from a reputable delivery service UPS/DPD/Hermes etc - telling you that your parcel or delivery item could not be delivered and inviting you to click below to choose a more suitable date.
Ian