Cybersecurity, 2 hrs ago

Claude AI Chatbot Users Hit by Gift Card Fraud, Losing Hundreds of Dollars

Unauthorized gift‑card purchases hit Claude AI subscribers, leading to account suspensions and refund promises from Anthropic.

Peter Olaleru/3 min/GB

Cybersecurity Editor


Multiple Claude AI subscribers reported unauthorized gift‑card purchases totaling hundreds of dollars, prompting Anthropic to suspend affected accounts and promise refunds.

Context

Claude AI offers a $20‑per‑month subscription that lets users tap into Anthropic’s large language model for tasks ranging from medical queries to family planning. The service is billed to a credit card linked to the user’s account. Gift‑card fraud occurs when attackers gain control of an account and use its payment method to buy redeemable vouchers, which can then be cashed out or resold.

Key Facts

One user’s wife spotted two unauthorized $200 charges on a credit card statement, with a third $200 attempt blocked by a confirmation prompt. Across the broader user base, victims reported ten separate £18 payments, three €216 charges, and two €225 charges—all appearing as payments to Anthropic. Anthropic confirmed it is rolling out new protections to block fraudulent gift‑card purchases and will cancel subscriptions and issue refunds for any identified scam transactions.

What It Means

The pattern suggests attackers obtained valid Claude credentials—likely through credential stuffing, phishing, or reused passwords—and then abused the account’s payment profile to purchase gift cards. This mirrors MITRE ATT&CK technique T1078 (Valid Accounts) and the fraud‑specific sub‑technique T1195.002 (Financial Theft: Gift Card Fraud). No public CVE links the breach to a vulnerability in Anthropic’s platform; instead, the abuse stems from compromised user credentials.

Mitigations

- Enable multi‑factor authentication on Claude and any linked email or payment accounts.
- Use a virtual or disposable card for subscription services to limit exposure.
- Review transaction statements weekly for unfamiliar, low‑value gift‑card purchases.
- If a suspicious charge appears, contact the card issuer immediately to initiate a chargeback and request a new card.
- Promptly reset passwords on Claude and any services sharing the same credentials.
- Security teams should monitor for spikes in gift‑card redemptions from AI‑service accounts and consider velocity‑based detection rules (e.g., more than three gift‑card purchases in 24 hours).
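The velocity rule from the last mitigation (more than three gift-card purchases in 24 hours), sketched as an added example; it is not code from Anthropic or from this article's sources. The event schema, account names and sample records are constructed, and the window is assumed to be half-open, so purchases exactly 24 hours apart do not share a window.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)
THRESHOLD = 3  # alert when MORE than this many purchases fall inside one window

# Constructed sample events (hypothetical schema): account, ISO time, item type, amount.
# Deliberately not in time order, as billing exports often are not.
SAMPLE_EVENTS = [
    ("acct-a", "2025-01-10T08:00:00", "gift_card", 200),
    ("acct-a", "2025-01-10T08:05:00", "gift_card", 200),
    ("acct-b", "2025-01-10T09:00:00", "subscription", 20),  # ignored: not a gift card
    ("acct-a", "2025-01-10T08:09:00", "gift_card", 200),
    ("acct-a", "2025-01-10T08:12:00", "gift_card", 200),    # 4th within 24h: alert
    ("acct-c", "2025-01-10T00:00:00", "gift_card", 18),
    ("acct-c", "2025-01-10T10:00:00", "gift_card", 18),
    ("acct-c", "2025-01-10T20:00:00", "gift_card", 18),
    ("acct-c", "2025-01-11T00:00:00", "gift_card", 18),     # exactly 24h after the 1st
]


def velocity_alerts(events, window=WINDOW, threshold=THRESHOLD):
    """Map each offending account to the time of the purchase that first
    pushed it past `threshold` gift-card purchases inside one sliding window."""
    purchases = sorted(
        (datetime.fromisoformat(ts), acct)
        for acct, ts, kind, _amount in events
        if kind == "gift_card"
    )
    recent = defaultdict(deque)  # per-account purchase times still inside the window
    alerts = {}
    for when, acct in purchases:
        q = recent[acct]
        q.append(when)
        # Drop purchases that are a full window (or more) older than this one.
        while when - q[0] >= window:
            q.popleft()
        if len(q) > threshold and acct not in alerts:
            alerts[acct] = when
    return alerts


if __name__ == "__main__":
    for acct, when in velocity_alerts(SAMPLE_EVENTS).items():
        print(f"ALERT {acct}: >{THRESHOLD} gift-card purchases within 24h at {when}")
```

A sliding window catches bursts that straddle midnight, which a per-calendar-day count would split into two unremarkable days.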

Watch for Anthropic’s upcoming fraud‑prevention updates and whether similar gift‑card schemes emerge targeting other AI‑chatbot platforms.
