Early this morning, I received three emails within ~15 minutes (note: the email account that received these emails *is* connected to my Facebook account) from security (at) facebookmail (dot) com [using ZuckMail, version 1.00], all titled "XXXXXX is your Facebook account recovery code."
The body of each email was the same, saying, "Hi [my first name], We received a request to reset your Facebook password. Click here to change your password. Alternatively, you can enter the following password reset code: XXXXXX. If you didn't reset a new password, let us know. Thanks, The Facebook Team."
I did not click the "click here to reset your password" link, but I did click on "let us know" on all three emails, which opened Facebook in a new tab and said something like, "Thanks for letting us know" and, "Still having problems?" I pressed the "still having problems" link, which led me to another page within Facebook with a cartoon robot. It took a few moments to check my account for suspicious activity. There was nothing unusual. I then changed my password.
I then received another email from security (at) facebookmail (dot) com [using ZuckMail, version 1.00], saying I changed my password.
After that, I did some Googling to see if anyone else had an email from Facebook saying "here's your account recovery code!" I saw a lot of answers that said, "Don't click any links in those emails! They're phishing scams! If you click on one of those links and change your password, you will get hacked!"
Well, now I feel like an idiot. Are the first emails really from Facebook?
I don't think I've received emails from Facebook with an account recovery code and I have had Facebook for ten years, and I didn't receive a text message from Facebook, warning me or sending me a code. (I have two-factor authentication with my cell number attached, and I'm supposed to get alerts about unrecognized logins. I don't know if I should have received a text message if someone tried to reset my email, but I thought I'd mention that.)
Being paranoid, I changed my Facebook password yet again...!
So, did I fall for a fake-Facebook email scam, or were they real emails from Facebook?