Thanks for your insightful reply. And you bring up good points. I find some of the (legitimate) unexpected and seemingly ambiguous communications and required actions to be confusing and unnecessary at best. At worst these actions set the stage for the hackers and scammers to act out their activities of theft and general havoc.
If I'm honest about it I am embarrassed to have been so gullible as to fall for this latest scam. So I know I'm venting while I'm writing. But the points, I hope, will be taken seriously so that scams like this will happen less often. For me all that was required was a call to American Express to cancel my card number and send a replacement. I did spend a couple of hours updated my credit card information for all my automatic payments and guarantees. It was painful enough to make me ultra-sensitive to any suspicious email, even from seemingly known sources. Best of luck!
If the email from e.paypal.com is a phishing email why is the posted reply from PayPal_Lilly allowed to remain? PayPal_Lilly says:
"I can confirm that is a legitimate email sent from PayPal regarding our Electronic Communications Delivery Policy. "
Based on this post I almost replied to the e.paypal.com phishing email. Fortunately I read some of the other posts.
I strongly urge you to either remove PayPal_Lilly's post or do something to alert people that this is not the correct answer!