To the OP: Very sorry to hear, belatedly, that you were scammed.
Two anecdotes:
I once used a tour operator who told me this story: A client of theirs received an email, apparently from the tour operator, instructing them to send the payment for their tour to a different account than originally specified. It turned out that a scammer had hacked into the tour operator's email account, learned the names of people booking tours, and sent out the scam emails from the tour operator's email account, which I think was Hotmail, IIRC. After that, the tour operator started telling clients to check with them by phone before sending money based on an email. Personally, I thought that the tour operator should have reimbursed the client because the tour operator allowed their email to be hacked. But the tour operator turned out to be incompetent on so many different levels that their use of an unsecured email and probably an easily-guessed password, was no surprise. Halfway through the tour I quit using them because their service was so terrible, and booked with a local operator instead.
When I bought my house about a year and a half ago there were documents to be e-signed and money to be transferred. The escrow agency was very explicit that every time I received an email from them, I should phone them and talk to the escrow agent to confirm the email was legit. This was mostly the e-sign emails.
The lesson for all of us is that email is not secure unless you're using a special secure email service, and even then I wouldn't trust email with personal or financial information or money. It's also not a good idea to send large amounts of money via a method that cannot be reversed in the case of fraud. If Tesla is asking people to send them money by such means, shame on them.
Again, so sorry to the OP that you got robbed.