I have always been very careful, but received a bogus email and foolishly checked with the sender via email and then tried to open the attachment. It did not open, but asked for email info which I provided. This was my work email (and our system did not catch it right away). That means hacker may have been able to see my emails before I changed the password. Do I need to set up (and of course pay for) one of these identify theft services? I think I have no instant credit, but beyond that what is the best thing to do? Unfortunately, there was an email I had not deleted that may have had some personal information. I now know I have to call, not email, the sender for suspicious items (we were having a meeting the next week so not surprising that he would send me something). Thanks!
Freeze your credit if you are concerned. Its now free, I believe.