One of the downsides of having 43 credit cards is that you have a lot more credit cards that are subject to fraudulent use. I’m actually not super concerned about fraudulent activity on my cards – in my experience, banks and credit card companies are pretty good at identifying and stopping fraud. In fact, I get fraud-blocked for ACTUAL purchases way more than I get alerted for transactions that are NOT fraud. I think the best thing you can do to prevent fraudulent transaction is to simply monitor the transactions on your card(s). Recently I was exposed to a new fraud tactic – about 4pm last Wednesday I started seeing HUNDREDS of mail subscription emails and confirmations.
Why am I getting tons of mail subscription emails?
I was very confused as to how I was getting all these subscription confirmations and emails. I mean this was not a one-off occurrence! I was getting at least tens of these mail subscription confirmations every minute
This is a minute fraction of the spam confirmation emails that I was seeing come in.
A bit of searching around indicated that sending millions of spam confirmation mails is a new technique that people use when they’ve hacked your credit card information. The idea is that by sending you hundreds of spam confirmations, you’ll miss the emails that are alerting you of unauthorized purchases or withdrawals.
What to do if you get hundreds of spam confirmations?
The first thing that you should do is (from a secure place) log in and check all of your bank and credit card companies. Check eBay, PayPal, Amazon and anywhere else that might have your information stored.
I also forwarded some of the spam emails to the Mailchimp abuse center (the bulk mail sender). They got back to me and said that they stopped my email address from getting more mail from them, but that it “appears a spambot may be entering your address into legitimate sign up forms around the web”.
In my case, I was actually traveling and out of town so it took me awhile to figure out where the transactions were coming from. Someone had gotten a hold of my Barclaycard Wyndham Rewards Visa card. I had signed up for that card a few months ago when the bonus was up to 45,000 Wyndham Rewards points (enough for 3 nights at ANY Wyndham hotel)
[Top credit card offers – 50,000 mile signup bonus or more!]
I checked Mint, which is one tool I use to track my transactions, but no fraudulent transactions showed up. I later realized that was because these fraudulent transactions had not been fully authorized and were still temporary charges. A quick call to Barclaycard fixed things up – they removed the charges and overnighted me a new card
Have you been getting thousands of spam confirmation subscription emails? Was your bank or credit card information hacked?
This site is part of an affiliate sales network and receives compensation for sending traffic to partner sites, such as thepointsguy.com. This may impact how and where links appear on this site. Responses are not provided or commissioned by the bank advertiser. Some or all of the card offers that appear on the website are from advertisers and that compensation may impact on how and where card products appear on the site. Any opinions expressed in this post are my own, and have not been reviewed, approved, or endorsed by my advertising partners and I do not include all card companies, or all available card offers. Terms apply to American Express benefits and offers and other offers and benefits listed on this page. Enrollment may be required for select American Express benefits and offers. Visit americanexpress.com to learn more. Other links on this page may also pay me a commission - as always, thanks for your support if you use them
User Generated Content Disclosure: Points With a Crew encourages constructive discussions, comments, and questions. Responses are not provided by or commissioned by any bank advertisers. These responses have not been reviewed, approved, or endorsed by the bank advertiser. It is not the responsibility of the bank advertiser to respond to comments.
Dan Miller travels with his wife and 6 (SIX!) children. He loves to help families travel for free / cheap, especially larger families. If you are looking for help, drop him an email at 
wow! Thanks for sharing your experience.
That is horrible what they are doing to try to steal from you and then create an email nightmare to as their getaway tactic.
So now what do you do about all of the spam you are getting?
Thanks for sharing your experience. How did you figure out it was the Barclay card?
Same awful experience here. So far more than 3000 emails and they keep coming. Many in russian, Chinese, spanish, etc. I created a rule to automatically delete any new email with the word newsletter in it. I also filter to view any emails with the word order and I found one from Fry’s.com confirming a $767 purchase of a gaming monitor. I was able to login and cancel the order. I also called Fry’s customer support and told them about the incident and closed my online account. They confirmed cancellation of the order. So far its been 12 hours and the emails keep arriving, not as often as before but still more than 5 per minute that are not catch by my autodelete rule because they are in other languages.
That stinks but at least you know now why it’s happening. I’d definitely call your credit card company that was used to book the order at Frys
Currently in the middle of this nightmare. They tried to purchase a vacuumm at bed bath and beyond.
I haven’t found any good solutions so still looking for help. added unroll.me and am marking spam but still getting tens an hour (down from the hundreds yesterday).
Hoping at some point the bot moves on…
I, too, am in the middle of this nightmare. There were two orders to Wayfair placed in my name this week. The first one was delivered; the second one was stopped and Wayfair is looking into it. It appears that they were made with a MC in my name, but I don’t own a MC and am not seeing where one has been opened in my name (per the credit bureaus). It’s the strangest thing.
How are you making the emails stop??
Mine just stopped on their own after a few days. I had to watch my credit card statements though
I got hit by something similar, today.
12 thousand messages, thus far … still going …
They’re all being registered/requested by a single IP address in Vietnam.
I couldn’t seem to get a message through to the contacts listed by the registrar.
One of the first things I saw, this morning, was an addition of a credit card, on my Chewy account, new shipping address, and an order of cat food. I called the number listed with the east coast shipping address, and it was some doctor’s office who didn’t know anything. Chewy said the order login was from the Seattle area.
I updated my passwords, but am really tired of this hell, and if it keeps going or doesn’t go away then I might have to resort to getting a new primary email address.
This is very disruptive to people’s lives.
How were you able to determine that they were all being registered from a single IP address?
Excellent post. I got hit with the mail list spam a few days ago. The first time I didn’t even notice it because the hundreds of mailing list subscription when into my promotions folder. I don’t look at that every day. The next time I did notice, and spent almost 3 hours unsubscribing and marking as spam. In the end I found 6 e-mails from Apple about someone else’s iPhone order. After tracking that person down, I found indeed they did get scammed. The strange thing is he an e-mail address with a completely different ISP that is not quite the same… Same first and middle name, but completely different last name. I finally realised the scammer probably had his username for a website, but not his e-mail. So they did a google an his full name, and since our middle names are rather unique I was probably the first match they found with an e-mail address.
Thank you for this post. It saved me a lot of headaches. I had about 600 subscription emails come in in about 3hours and was panicking. Found this post and knew to check my credit cards right away. Found a $500+ purchase at best buy on a card I use only for travel. Was able to contact Chase right away, cancel the purchase and replace with a new cc and number. Thanks again.
Glad it was able to help!
I just had this happen today. The first flag was an email from Paypal confirming a payment that I knew I had not made. I was able to cancel the order before it was sent and the company froze my account. I contacted Paypal and they opened an investigation. Then I contacted Wells Fargo which was the funding source for Paypal, the charge hadn’t even hit there. I thought everything was good until I checked my spam folder! I had about 1000 emails verifying my subscriptions. I checked Outlook to see the login activity and found that my account had been under attack for almost a month from places like Japan, Russia, China… Outlook shows that none were successful. I’m not sure how all that works but I will be keeping an eye on everything and I signed up for 1password.com to manage my passwords. I’m glad to find this website to confirm what was happening. Thanks!
Glad it could help!
Thank you for this post, I am having this happen to me as well and my Paypal Debit card was hacked a few days ago. Thankfully I had text alerts and they immediately canceled my card. The person bought bitcoin with my card.
Looks like today, I am joining this group of hacked people. All the posts are very helpful, thank you all! I had an academy order with my name email and phone. But addresses were not mine and cc was not either. Called and cancelled order. I am working through filters to handle hundreds of scam emails. Cannot find any unusual activity at Experian or credit cards. Why would anyone do this if they did not want to get some $$$!? would really appreciate it if anyone could post how this nightmare ends….
This happened to me yesterday with 3000 emails where I was signed up for every subscription under the sun. As I was sending them to spam I found one that said my email had been changed for Wayfair.com and my order on Wayfair.com was going to ship. I did not have an order that I made on Wayfair.com. I checked my account and there was an order pending to ship. With all the deleting of emails the person responsible expected me to miss the email that alerted me to the order that was fraudulently placed. I was able to prevent the shipment and Wayfair was already investigating it by the time I called them. This scam rattled me like no other scam. I am still getting residual emails from this. Ugh!
Yup – that’s the classic scam that they’re running – hoping you’ll miss the fraudulent email in the midst of all those subscription emails
This happened to me yesterday and Google directed me here, so thanks!
The fraudulently-ordered merch was being sent to my house, so the thieves must be planning to stop by after it’s delivered!
I got 240 emails in 10 minutes and then they stopped, but the bogus purchase happened about 5 minutes earlier, so it wasn’t even hidden!
Did the emails ever stop?! I’m losin my mind, I’ve forwarded some to Mailchimp and unsubscribed to a lot but it seems to never end!
I am going through this right now – several thousand emails in the past 36 hours. So far the only compromised account is my domain handler. I am in the process of getting this resolved and keeping an eye out for anything else. What is puzzling though is I use an industry-approved password manager, and have different 16+ character passwords for each account. So is this an internal job to the domain hosting company, a breach of the password manager or something else?
They never needed your password to do this, only your email address. Your account is likely not compromised, it’s just under seige. What we need is a way to bulk unsubscribe.
I have same problem here.
Got 800 mails last night with mostly subscriptions for random sites from A to Z but I also saw one from a webshop which I have an account for. There was an order placed with a creditcard (not same number as my current one) and the store cancelled it on their own. But I am wanting to know is where does this come from? Does this come from the webshop which could be hacked? Or has anyone who has my mailadres been having fun with it. I ask this because yesterday I made an enquiry on a housing site and filled in a form with my emailadress. Now within 24h I get this shit. Coincidence or was it an untrustworthy or hacked company?
Also I don’t dare to unsubscribe to these mails because maybe there is one in between with fishing link? Is that possible? So I think it’s better to filter all these mails. And luckily alot of them ask for a confirmation first before you are on their list so most will stop after this one time. At least I hope.
Also want to mention that the webshop order was also visible in my account on that shop. So it was not only a faked mail orso.
I just want to make sure: Did anyone have more than 1 fraudulent charge? I found the one in the 1000 from Best Buy for $500+, canceled the card, etc. But I just want to make sure everyone had just one fraudulent charge?
I had two transactions attempted, but both from the same retailer. It was Walmart.com, where I had two credit card numbers on file. They tried to order a Playstation for pickup at a local store with one of the cards. The credit card company declined the charge. Then they tried the second card, and that one also declined.
This is exactly what we need to do to those Nigerian kings, Indian scammers, v!agra sellers and all those spammers and phishers (is that a word?) to flood their emails making it harder for them to steal from people.
This happened to me yesterday! I know this is older, but this is the best post about it I could find. Thankfully Amex sent me a text super early in the morning. The person bought thousands of gift card from my Sam’s account and had them sent to a “friend’s” e-mail. It’s such a mess and I had thousands of emails in different languages subscribed at the same time. I felt less alone reading this. Amex overnighted me a new card-I use this card for everyday purchases/to get travel points and because my debit card was used for fraud about 8 years ago and I try to avoid using it since. Thankfully I only had one card saved on the site.
This just happened to me. I live in BC and someone placed an order from Apple.com for pickup in Montreal. My RBC credit card was compromised, along with my email address, mailing address, and phone #.
Luckily I noticed between the dozens of spam mailing list signups this Apple.com order email.
But I have no idea HOW my information was compromised yet 🙁
I’m dealing with this nightmare at the moment. Yesterday at 3:30pm I suddenly started receiving a barrage of emails from a lot of random sites (some were more than 1 from the same site) asking me to confirm my subscription or thanking me from signing up. Some were even in other languages and I had to use an online translator to figure out what they were saying!
I’m glad I found this article, I noticed that near the start of all the emails there was one from Walmart thanking me for my order and telling me it was going to ship. I never placed the order and the address was on the opposite side of the country from me (the alleged recipient has the same last name, though…not that I knew him at all). And the last 4 digits of the credit card didn’t belong to any of my cards. I haven’t purchased anything from Walmart in a few years now (in fact the only card I have associated with my account was an old, expired one), but went to my account and saw that the hacker had added a new card to my account and was using that one. I deleted the card, deleted the shipping address and I canceled the order. I later received an email from Walmart confirming the order cancellation. I’m going to call them tomorrow and ask if the account can be deactivated or deleted. I checked my other sites and financial institutions, and I don’t see any fraudulent charges there so I’m hoping I’ve caught the one attempt.
I don’t understand the scam. He used your account but had to use a CC that was not yours. If the CC was not yours, was it someone else’s? Where is the money scam?
6 years after the original post – and this just happened to me last night! I received a phone call at 3:03 a.m., which I ignored. They called 2 more times, which I ignored. I was fully awake by that time and I looked at my phone to see what the phone number was. I noticed a text confirming a reservation, which I assumed had been sent to the wrong phone number. There was a fourth call, which I answered (to make it STOP) and there was no one on the line. I was really awake by that time, so I looked at my e-mail and noticed about 800-1000 emails flooded my inbox from about 1:55 a.m. to 3:30 a.m. Because of this post – I looked at my credit cards (I only have a few) and found the fraudulent charge made last night at 3:13 a.m. I canceled the card and disputed the charge. Also, because of this post, I searched the e-mails and found a flight reservation for Alexander Kaloshin from Miami to Istanbul, leaving tonight and booked on CheapFlightFares.com. I called and canceled Alexander the Scammer’s vacation to Istanbul. Unfortunately, I probably just delayed it a bit until he pulls the same scam on someone else. I also see that Alexander created an account for himself using my e-mail address on CheapFlightFares.com. I changed the pin so he can’t get into the account any longer. I don’t understand how this works. He had to use his real name as how would an airline let you board if you booked with one name and showed up as someone else?