This is what was sent to me via email:
I should have looked at what email address it was sent from: accounts-noreply <email@example.com>. Last time I checked google was with two O's. I am also lucky to have different passwords for all my online accounts (I use 1password). If you have the same password for many of your different online accounts you would be screwed. Luckly I was able to change my password immediately and anyone who was stung please change your password ASAP. I have also moved to a much secure option. Having Google Two-Step verification. In a nutshell this means I have separate google generated passwords with each non browser app I have. Not only would hackers need to get your password, they would also need my phone to do so. This is a much secure option. It does take some setting up, but it is all in the name of security and it is worth it.