iOS Bug Could Lead to Stolen iCloud Passwords
A bug in iOS 8.3 prevents the Mail app from stripping risky code from email messages. In a proof-of-concept attack, security researchers inserted code into email messages that displayed a fake iCloud login prompt. While this hasn’t yet appeared in the wild, there’s an easy way to tell if an Apple login dialog is real: press the Home button. A real login dialog is modal, which means that pressing the Home button will do nothing until the dialog has been addressed.
What/where is the "Home" button on a computer?
The bug is in iOS, so there's no need to press your Mac's Home button. :-)
You can also just turn off Load Remote Images in Settings app "Mail, Contacts, Calendars". The name seems to be a bit of a misnomer in that it disables all remote content including the website that is being loaded via the meta-refresh.
Turning off Load Remote Images has the additional privacy advantage that spammers and others can't use web-bug images to verify that your email account is real.