There is something clearly wrong here...
... this is not likely a valid Apple email address:
I moused-over the "iforgot.apple.com" hyperlink, which actually goes to
This is clearly not in the apple domain.
Curious, I clicked on that and wound up at this authentic-looking web page at
It's one of the more clever phishing attacks I've seen recently.
Looks pretty real, doesn't it? That's because it is a complete copy of the real Apple page:
In case you wonder, the real page https://iforgot.apple.com looks like this:
Now I'm going to report this as a phishing page at
This exact attack has been around at other addresses, for example here.