“Person Who Hacked My Credit Card Emailed Me Asking Why I Cancelled His Flight”

It’s a good idea to check your credit and debit card accounts for activity rather than waiting until the end of a statement period. Even though you’re not supposed to be liable for charges you didn’t make, finding out early that your card has been compromised will put you in a much better position – especially with a debit card, where cash has already left your account.

The same holds true for frequent flyer miles. Using a service like AwardWallet to notify you of balance changes daily makes your account far more secure than logging into your account irregularly. When you see miles drained, you know something is wrong and can act – before the person who stole your miles can travel, hopefully!

One person who had their credit card hacked notice a charge for a flight. They called their bank right away to cancel the card account number, and they went ahead and cancelled the flight while it was still during its 24 hour free refund period. The person who used their stolen card texted their frustration over not being able to use the tickets. Their travel, they said, was important!

My credit card was hacked. I think the guy did it by hacking my gmail account. Because he signed up for Priceline, with the login with gmail button.

I called my bank and canceled it. I logged into Priceline to see if I could get any information about the person who booked the flight. I saw I could cancel it for no charge. So I did because it was going to be faster to get a refund from Priceline than my bank.

Two days later I got this email. It had his photo and phone number. It matched the name on the flight too.

Person who hacked my credit card emailed me asking why I canceled his flight.
by u/AshesfallforAshton in mildlyinfuriating

Most credit card fraud doesn’t happen the old fashioned way, with one person stealing another person’s card number directly (or even really knowing whose card it is). Most of the time there’s a massive data breach (millions of card numbers!), there’s a number generator being used to come up with card numbers and this works especially well with brand new types of cards (so there’s a limited number of expirations to try), or through creation of synthetic identities that get approved for cards.

Swiping your card number at a restaurant, or even card skimmer at a gas station, or grabbing something out of the mail is pretty old school. Here the card thief knew whose card it was which had been stolen in order to contact the victim even. That’s a bizarre strategy, since it only helps give away the identity of the person using the stolen card. But in many jurisdictions like my home town of Austin where the police have quiet quit, good luck getting law enforcement’s attention.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. One possible explanation: the real hacker sold someone a ‘discount’ fare and when it didn’t work out told the buyer to contact someone else.

  2. Or the hacker has a highly developed sense of entitlement and lots of chutzpah!

  3. Check if your CC company allows a notification when the card is not present, I know Amex and Chase have that option, so every time I use my CC for an online or phone transaction, I get an email right away.

  4. I’m going to agree with Chris here–the person on the ticket is not the hacker, but rather someone duped into buying a “fake” ticket. He needs to take this up with whatever means he used to pay for the ticket as the actual hacker is almost certainly beyond law enforcement’s reach.

  5. Why do you keep using “they” and “their” instead of he and she? Is this some silly leftist pronoun thing or can you just not write English properly?

  6. Because the original author on reddit did not provide his or her gender, so Gary went with the netural singular they/their, a convention that’s been used in English for many decades. Pretty rich for a Chinese person (from the province of Taiwan, given your name’s romanization) to be complaining about a native English speaker’s writing hm? How much money do you make? This blog makes 7-8 figures in annual recurring revenue.

  7. Not long ago someone ran up over $18,000 of multiple tickets on multiple US and foreign airlines on a single day on a credit card of mine, which was thousands more than the credit limit set for the card. Noticed when checking for something else on the next day. All were refunded after fraud claims filed. Must have been someone selling expensive tickets to others.

  8. LOL I’m a native English speaker, and the redditor did in fact identify the gender of the scammer.

    Also, don’t refer to Taiwanese people as “Chinese”, unless you wish to show your ignorance off to the world (Which I suspect you do whenever you open your mouth anyway)

  9. @Chi Hsuan
    > Why do you keep using “they” and “their” instead of he and she? Is this some silly leftist pronoun thing or can you just not write English properly?

    Because it’s the proper English in this case. Third person unknown gender uses they for singular as well as plural. It’s not a common use case but it’s the only correct one here.

  10. @Chi Hsuan – Honestly I’m not sure why you’re making such a big deal over this. I haven’t read the reddit post and don’t intend to. The “rule,” such as it is, doesn’t require that one exhaust all possible avenues in search of the correct gender before resorting to “they.” The gender is unimportant to the story, is not readily apparent from the material presented here, and so the use of “they/their” as the singular/gender-unknown pronoun sounds correct to me (and, clearly, many other readers).

  11. I had something similar happen. I was just sitting at my computer minding my business when I received an email that my IHG account information had been updated.

    Being no slouch I was on the phone contacting IHG support as soon as I could. I won’t get into the details of the whole “gong show” I went through, but to keep the story short, in the time from when I had the alert and finally talked to someone, whoever had hacked my account had made a reservation for a hotel in the UK. Thanks to Google Fi calling the UK is free, so I thought what the heck, I’m going to call the hotel and see what was going on?

    There was a hilarious exchange due to accents (UK VS TX). I started out by asking if someone had checked in under my name. Which got funny when I told the night manager that it was impossible as I was in Texas. As it was there was a person…. who had checked in with my name under “my” reservation with no credit card, ID, or anything other than saying my name. The hotel manager said if I can prove my details they will send security up to the room and ask for proof of ID. So a couple of emails later the person had, literally, a rude awakening as the hotel asked for ID and when he couldn’t provide it, walked him out.

  12. @Potsey- did you have the old 4 digit pin that’s easy to guess? I just updated mine to a more secure password after reading this thread, but IHG still let me use the 4 digit insecure pin all these years…

    @Chi Hsuan- nope, the gender of the OP is unknown, so it’s completely correct to use “they” and “their”. Technically, since the scammer’s gender is known, you could say “His travel” rather than “Their travel”, but that would sound awkward after using “they” throughout the rest of the post.

Comments are closed.