I use an email alias system to create a unique email address every time I sign up for a site.

Today, I started receiving unusual email on one of those addresses. My credit card provider also let me know that someone was trying to use my credit card to book airfare. I know exactly which site my data leaked from since I used a unique email alias to register for that site. I contacted that site and told them they’ve been breached.

I also called my credit card company. They’re reversing the charge and issuing me a new card.

I’m still worried because I’m receiving lots of “here’s your login code” and “new user registration” emails at the alias address. I can just kill the alias and I won’t receive these messages again, but I’m interested in seeing what they’re up to. Can these messages still be used for nefarious purposes? I obviously don’t click links in any emails I don’t recognize, and access to my main email account is secured behind three-factor authentication, so I don’t see how someone would actually be able to retrieve one of these login codes.

Since the genius who used my credit card number tried to book a flight, I also have her name and a 50-50 shot at her location. Should I report her to local authorities?

I’m in the US.