Thanks for your insightful reply. And you bring up good points. I find some of the (legitimate) unexpected and seemingly ambiguous communications and required actions to be confusing and unnecessary at best. At worst these actions set the stage for the hackers and scammers to act out their activities of theft and general havoc.
If I'm honest about it I am embarrassed to have been so gullible as to fall for this latest scam. So I know I'm venting while I'm writing. But the points, I hope, will be taken seriously so that scams like this will happen less often. For me all that was required was a call to American Express to cancel my card number and send a replacement. I did spend a couple of hours updated my credit card information for all my automatic payments and guarantees. It was painful enough to make me ultra-sensitive to any suspicious email, even from seemingly known sources. Best of luck!