Looks like it. If you're received that email, then someone has used your details, thinking that the magic code will be emailed to *them* not you. morons.
The reason its done is not so you know people are stealing, but because if the email wasn't sent, you'd never get it if you really did ask for your code to be re-emailed
- theres no way of telling whether a request is legit or not if the details provided are correct.