Yeah, I'm guessing phishing. The links in the e-mail aren't obviously phishing though, and I have no intention of clicking on them to check them out. Sent an e-mail to the provider to make sure that nothing's actually going on. In paranoia, I figured I'd just put up this notice in case the attack happened on the host's end.