Anyone think they can explain this sequence of events after my credit card info got stolen?

My wife calls me up and says she is getting lots of phishing emails. I reassure her it's fine just ignore them. When I get home I look at them and someone is attempting to log into every website under the sun with her account, across the globe. I almost tell her to just delete them all but then I notice one from a retail website for an order. The links in it are legit. I check my credit card and sure enough someone made a real order on this website (and 3 others) with our credit card. So I go to the website to log in as her and cancel the order and reset the password, but she doesn't even have an account on the website. Nor does she on the 3 others. So I just called my CC company and got them to fix it, problem solved. So the bad actor got our CC info, then made an order with the guest checkout *and entered my wife's email when they could have entered anything else*? Why would they do that? It could have taken at least a day for me to notice if they had done any other email. That's question number one. Number two, I read that sometimes these guys will spam your account when they use your credit card so that you won't notice a couple of email receipts hitting your inbox. That's why she got so many other emails. But if that's the case, why did they go to a bunch of websites and generate login verification emails? Why not just send 100 emails from wherever@whatever.com? Anyone know exactly what was going on here?