Thanks @_az, and there are also resources to report these to Microsoft and to Apple:
https://www.microsoft.com/en-us/safety/online-privacy/phishing-scams.aspx#Report
I’m not sure exactly what each company does in response to reports, but it seems like an appropriate course of action.