Twitter is being used in a phishing scam to obtain your login credentials, using a fake login site under different domain to try and trick you to fill in your username and password. They are using direct messages to do this, and supposedly uses tricked accounts to widen their scam. Read the Twitter blog post for more.
Always make sure that you sign in on twitter.com! That way you’ll know that you’re not sending your login credentials through an unknown party. You might even want to take it one step further and just not click any links in the notification emails sent out that tells you you’ve got a DM. Just go to twitter.com instead, and click the DM link in the right column and you’ll be in the clear.