This twitter phishing attack email looks dodgy to me. *No* company should ask a user to reset their password via a link in the email.