I can assure you that the email was a scam to get your password.
Many people use the same password or a variant (different person's name) for many accounts. The crooks have already tried to get into your bank account. I hope it has an entirely different password.
Then there is Amazon that permanently keeps your credit card info. They sell some expensive and resellable stuff.
There are actually web sites that sell ID information to the highest bidder.
Check all your accounts and change the passwords. If you were already ripped off, you have a lot of rights with credit card purchases, some rights with debit card and online banking transactions. All these refund rights are strictly time limited, so contact vendors immediately about any unauthorized purchases and follow up by certified mail.
Don't be embarrassed or shamed by the vendor into paying anyway. Banks should require additional authentication when a different computer logs on and stores should not retain credit card info. If they have low security, they can pay for it.