I received an email today that looked like it was from Facebook that said someone requested a password change. It looked legit. However all the links in the email pointed to a site that was clearly NOT Facebook and would most likely infect you with something.
The really clever/bad thing about the email links is that there was one that said “If you didn’t request a new password, let us know immediately”. People receiving this email and believing it was from Facebook would most likely click this link and suffer the consequences.
It’s getting so you can’t trust ANY emails that you get from ANYBODY.