Receiving fake support emails about my account

On 11/28/21 I received a fake email from support@wyze stating: Oh no, your payment failed! Quick! Your Cam Plus Yearly subscription will be deactivated in 12 days if your billing information isn’t updated.
The message had the correct last four digits of the card I used to sign up for the yearly subscription, but the wrong renewal date. I received three emails like this on November 19th, 22nd, & 28th before an actual charge was made on my card on 12/04/21.

On 12/04/21 someone was able to charge my card for $14.99 which I caught because of a notification from the credit card. I had the card replaced and the $14.99 refunded. I changed my password and email address. I use two factor authentication on my account, however, someone was still able to get my credit card information and use it on Wyze.com for a $14.99 purchase.

I will be using virtual cards from here on in to purchase anything from Wyze, however, that doesn’t change the fact that someone had/has access to my account.

Has anyone else faced a similar problem?

I would reach out to Security@wyze.com to let them know what is going on. They can potentially look into this for you.

I believe the Authentication is only when you log onto Wyze. If you are already logged in, I don’t believe it authenticates each time you do something. But Security should know.

Interesting I change my password every quarter to be on the safe side.

Nothing sounds wrong here? Other than what you think was the wrong renewal date, it sounds like Wyze warned you about a failed payment and eventually charged you. What leads you to think the support e-mail messages were fake? Did you review the headers?