Internet only. Never verbally. It could just be a coincidence as I buy quite a lot of models online.
Only noticed when I looked online at my credit card statement(s) and some transactions I didn't recognise (2 in the UK, 1 in the USA). According to the credit card companies, the fraud was done with online purchases too.
You almost certainly have a Trojan or key logger in your computer which is possibly linked to the box shifter's website as this is leaky and a valuable source of card details. Too much of it and no extra security as a result and they will lose their credit card licence.
It is of course possible ( but unlikely ) that the Trojan is on the box shifter's site and is linked to your harvested E Mail address or IP address.
You have not specified your firewall arrangements but they might be worth reviewing particularly if you are operating an older browser.