vsmith: I am not saying this is what happened to you... but I have in the past received e-mails notifying me to change my password on a forum or other website and the e-mail had a link embedded in it that looked like it was provided for my convenience to reach the website to change my password.
But when I checked the address it would go to, it was bogus... it was an attempt to steal my ID on those sites.
I noticed that the address it was going to go to was not quite right... it was a really long address... supposedly to be a direct link to my account, but upon looking closely at the address it had a simple difference that most people would not see...
Normally addresses take the form of, "http://gmail.com/blah blah blah..." Note the FORWARD SLASH ("/") after the ".com". That is normal and should ALWAYS be a forward slash. What follows that slash is a page of that website and not a part of the URL.
In the address in the notification I received it was a DOT ("."), which makes what follows (the "blah blah blah..." in the example above) a part of the URL and not a page of that URL.
Thus in my case the real URL was not "gmail.com" but "gmail.com.blah blah blah" and much, much further along there was yet another ".com/" that truly ended the URL portion. So it would NOT have directed me to the "gmail" website, but to the "gmail.com.blah blah blah..." website.
This is why it is often advised to NEVER click on a link in an e-mail, because it may be a bogus address and only close examination would reveal that fact... something not everybody knows to look for, or how to recognize that it is bogus.
I make this suggestion to everyone... DO NOT CLICK links in e-mails unless you KNOW it to be valid.
If anyone else has received such e-mails (from any place!) and clicked the "convenient" link in the e-mail, I'd advise you to go directly to that website via your normal access route (type in the address yourself or use your 'Favorites' link) and change your password again to something different.