I would say that the emails are definitely from Apple and that someone was definitely attempting to get control of your account by changing the password. However, to change the password they need to provide the current password. The fact that you have received multiple motices from Apple would suggest that the person is in the process of trying to guess your current password and each notice would be a failed attempt. But if your password is something easily guessed by someone who knows you or if it is associated with some information someone can easily find out about you, I would strongly encounrage you to change the password to something unguessable.
Manage your Apple ID -
https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/
Alphanumeric passwords with both random upper and lowercase letters would be very difficult for someone to guess. As an example;
BV7ktpYcj3yue7nzc26o
Yes, that would be difficult for you to remember, which is why folks are now going to password vault software. I have personally used 1Password for quite some time. It has both Mac and iOS versions, so I have all of my passwords synced to all of my devices. But if your Mac qualifies to use OS X Mavericks 10.9 when it comes out in a few months, I would not invest in one of the paid versions of a password vaults the new Mac OS, as well as the new version of iOS, version 7, will have this technology built into it as an extension of the Keychain software that is now part of OS X. But until then, Safari will store such strong passwords for you in your user account's keychain, it just won't generate them for you and it can't be easily synced to your other Macs, or to your iOS devices. Or you could store such strong passwords as a Secure Note in Keychain as well.