rwheeler23

Facebook account has been hacked

It appears that someone has taken exception to some of my posts and has hacked my Facebook account. I cannot log into my account and all the online instructions point to email addresses that I do not recognize, plus nowhere do I see my cell number for MFA. I did receive a series of email alerts from security@facebookmail.com. Is this real? Any ideas how I can recover my account?
David Favor

Whether this is real or not requires you review the actual mail headers.

Anyone can set a from address of security@facebookmail.com + no one can fake Received headers in the actual message.

If you're unsure about this, post the entire message (100% of all headers + body, no redactions) as a text attachment for review.
Check the headers; DKIM, DMARC and SPF will tell you whether that e-mail is coming from FB. But it requires that you trust your e-mail provider.

I have never done this for FB. But an automatic unlock procedure should start on the Facebook page itself. When e-mail is involved, the site normally tells you what it is sending to you. Then you should only react to that e-mail, which in many scenarios is sent in a timely manner only.
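Added example, not part of the thread: one way to read the SPF/DKIM/DMARC verdicts that the replies above refer to, using the `Authentication-Results` header stamped by the receiving mail provider. The messages are constructed samples, the provider name `mx.mailprovider.example` is an assumption, and the expected domain is simply the sender address from the question passed in as a parameter.

```python
import email
import re
from email import policy
from email.utils import parseaddr

def parse_auth_results(value):
    """Split one Authentication-Results value (RFC 8601) into (authserv_id, {method: (result, props)})."""
    value = re.sub(r"\([^)]*\)", "", value)            # drop (comments)
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = {}
    for part in parts[1:]:
        tokens = part.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results[method.lower()] = (result.lower(), props)
    return authserv_id, results

def check_sender(raw, trusted_authserv_id, expected_domain):
    """Did the reader's own provider authenticate the From domain, and is it the expected one?"""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    verdict = {"from_domain": from_domain, "dmarc": "none", "dkim_domain": None, "trusted": False}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(str(value))
        if authserv_id != trusted_authserv_id:
            continue   # any sender can add this header; only the provider's own counts
        verdict["dmarc"] = results.get("dmarc", ("none", {}))[0]
        dkim_result, dkim_props = results.get("dkim", ("none", {}))
        if dkim_result == "pass":
            verdict["dkim_domain"] = dkim_props.get("header.d", "").lower()
        verdict["trusted"] = verdict["dmarc"] == "pass" and from_domain == expected_domain
        break          # the topmost matching header is the one added last
    return verdict

def sample(from_addr, auth_results):
    # Constructed message for illustration; not real Facebook or Gmail traffic.
    return f"Authentication-Results: {auth_results}\nFrom: {from_addr}\nSubject: Account alert\n\nbody\n"

MX = "mx.mailprovider.example"   # assumed authserv-id of the reader's own provider
AR_OK = f"{MX}; spf=pass smtp.mailfrom=facebookmail.com; dkim=pass header.d=facebookmail.com; dmarc=pass header.from=facebookmail.com"
GENUINE = sample("Facebook <security@facebookmail.com>", AR_OK)
SPOOFED = sample("Facebook <security@facebookmail.com>", f"{MX}; spf=pass smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=facebookmail.com")
LOOKALIKE = sample("Facebook Help <facebookdesks@gmail.com>", f"{MX}; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com")
FORGED_AR = sample("Facebook <security@facebookmail.com>", "relay.untrusted.example; dmarc=pass header.from=facebookmail.com")
```

The look-alike sample passes DMARC for its own domain, which only proves the mail came from that domain, not from Facebook; the verdict is trusted only when the authenticated domain is also the expected one.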
rwheeler23

ASKER

I am not able to log in to FB. They changed all my MFA codes so even if I ask to send link to reset password it never gets here. My password was a passphrase so whoever did this knows what they are doing.
In this case snail mail FB and waaaait. Or create a new account.
They have a site for authentication. It asked for my drivers license. The address looked authentic so hopefully it was. I do not use FB much so I will wait.
madunix

Awareness
• Be mindful. Never leave your devices unattended.
• Beware of shoulder surfers or people who are looking at your device. 
• Never access sensitive data in a public place. 
• Be cautious about connecting to public Wi-Fi networks. 
• Be suspicious of anyone asking for data or resources.
• When someone requests something of you, always verify.
• Be suspicious of free email offers or offers from unknown/uninvited sources.
• Maintain password security.
• Be mindful of how anything is shared on social networking.
• Always be on the lookout for possible social engineering.
• Stay up-to-date on the latest social engineering techniques.
• Create passwords or passphrases that are hard to guess but easy for you.
• Increase password complexity depending on the importance of the data.
• Consider using MF authentication when possible.

https://www.facebook.com/help/285695718429403


I access FB from one computer at home and one computer at my office. I also access from my iPhone. I think this was an inside job due to my political leanings. I do not use FB much so to lose it is no skin off my teeth.
Is there any way to have them delete my account so I can start over?
I sent an email to DirectFbHelps@outlook.com and received a reply from facebookdesks@gmail.com.
Is this legitimate or simply a clever phishing stunt?
While I never needed to do this, but the only mails from FB are from @facebook.com so far:

Stunt for sure. Your phishing senses should tingle like hell.

When there is no PKI involved to sign those e-mails, I would not react on them.

btw, FB should have an ask friends feature for reactivating an account.
Now they want a Google security card. What is that? Looks like they are after security information so they can hack some more.
It is for sure identity theft. Contact your local police office and ask for the next steps.
Is there any way to have them delete my account so I can start over?
No. It will be difficult to prove that you are the owner of your Facebook account if both your recovery email address and phone number have been changed.

Now they want a Google security card. What is that?
Google security card is a hardware token to act as multiple factor authentication for access to your Google account.

Do you mean that the hackers want your Google security card?
Yes, this is obviously a scam. I have created a new account and told as many of my friends as possible to accept my new friend request. I do not use FB much so it is no skin off my back to lose what little was there.
The best practice is to turn on two factor authentication now if you do not want your new Facebook account to be hacked again.

https://m.facebook.com/help/358336074294704


Yes, that was the first thing I did. I also sent an email to our local police asking if they want to follow up with the scam.
Facebook also offers a Code Generator feature which changes every 30 seconds.
It requires it anytime a new access from an unknown browser or device is made.
You should activate that as well.
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

I am using Google Authenticator app in my smartphone to approve every login to my Facebook account.
Here is the Facebook Security Checkup page to ensure your account has all security in place that they suggest:
https://www.facebook.com/help/799880743466869/?ref=sc
Both of these are in place. The only problem I have now is when people send messages they are sending them to the old account so I can view them.
I have turned on all alerts.
ASKER CERTIFIED SOLUTION
Jackie Man