Apple will send you an email when your password has changed. Following safe browsing rules when using emails still apply though. A sender can spoof the sending address to anything the want and the link that shows in the email can show you text of the email address and take you to a different site all together of one that looks like the legitimate site.
The correct way to deal with an email such as this is to manually type in appleid.apple.com (since this is a known legitimate website) into your web browser and take the appropriate action from there. You will need to sign into this page, so if your password was changed to something else, you will immediately know it.