Nordstrom customers have been targeted by a cryptocurrency scam that utilized the department store's legitimate email system to send fraudulent messages. These emails, disguised as a St. Patrick's Day promotion, promised recipients a doubling of any cryptocurrency deposited into a specific wallet address within a two-hour window. The scam emails originated from an official Nordstrom email address, [email protected], creating a false sense of legitimacy for the deceptive offer, as reported by Bleeping Computer.The fraudulent messages, which contained misspellings such as "Normstorm," urged recipients to send cryptocurrency to a provided wallet address, promising a 200% return. The attackers exploited a sense of urgency by limiting the offer to two hours. While the exact number of affected customers is unknown, some have reported sending funds to the scammer's wallet, which has reportedly accumulated over $5,600. A source indicated the breach occurred through a compromise involving Okta SSO and Salesforce Experience Cloud, enabling the sending of these scam emails.This incident bears similarities to recent crypto scams targeting customers of Betterment and GrubHub. Nordstrom has issued a warning to customers, stating they will never ask for cryptocurrency transactions and are investigating the breach.Source: Bleeping Computer
Email security, Phishing
Nordstrom customers targeted by cryptocurrency scam via compromised email

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



