No, anytime there is an attempt you get that email, legit attempt or fishing attempt.So you're saying that it's legit then, and someone tried to log in, or is the message that someone tried to log in fake itself?
The email looks pretty fake so it's probably not legit.
Why if they don't have my password? That's a hassle.
That's your risk assessment to make.