yeah checked that. logged into amazon outside the mail, so it was legit.
it's either a keylogger, or one of the standard old passwords i was using that got exposed in one of the recent larger providers hacks...
not sure if i still used one of the standard ones for amazon.
but i'm playing it...