Dan,
Again thanks for the prompt reply. Your discussion seems on the mark for me; the only problem with the traditional phishing explanation is that I did not fall for an email; it was instead a small coloured rectangle with a request for a password and an email address. It looked very official, but no ID.
I assumed the request was from the ISP, which they denied or really only said that they were fully confident in their system integrity. Since I like their service I did not press the issue. They are rightly reluctant to discuss these things over the telephone.
I am satisfied now that I am doing most things right. I will continue to monitor what happens and see if in fact there is an explanation. All passwords have been changed.
Thanks again.
Dan D.