CP
cyberpings
FraudHIGH

Fraud - Nordstrom's Email System Used for Crypto Scams

BCBleepingComputer
NordstromOktaSalesforcecrypto scamemail compromise
🎯

Basically, scammers used Nordstrom's email to trick customers into sending them cryptocurrency.

Quick Summary

Nordstrom's email system was compromised to send out fraudulent cryptocurrency scam emails. Customers received these deceptive messages, leading some to send money. The retailer is investigating the breach and advises customers to ignore the scam.

What Happened

Recently, customers of the upscale department store chain Nordstrom were targeted by a fraudulent email campaign. Scammers exploited Nordstrom's legitimate email system to send out messages that appeared to promote a St. Patrick's Day cryptocurrency promotion. The emails promised recipients a 200% return on any cryptocurrency sent to a specified wallet address within just two hours. This urgency aimed to pressure customers into acting quickly, often overlooking warning signs.

The emails were sent from an official Nordstrom address, nordstrom@eml.nordstrom.com, which added to the deception. Many customers reported receiving these emails, some to addresses that had never been exposed online. This indicates a significant security breach within Nordstrom's email system, potentially linked to a compromise involving Okta and Salesforce.

Who's Affected

The fraudulent emails reached a segment of Nordstrom's customer base, although it remains unclear how many individuals were impacted. Some recipients fell victim to the scam, sending a total of over $5,600 in cryptocurrency to the scammer's wallet. This incident highlights the risks associated with email communications, even when they appear to come from trusted sources.

Nordstrom, a retailer with millions of customers and annual revenues exceeding $15 billion, is now facing the fallout from this incident. Customers who received the emails were understandably alarmed, especially since the messages contained glaring errors, such as misspelling the company's name as β€œNormstorm.”

What Data Was Exposed

While specific personal data exposure details are not fully disclosed, the incident raises concerns about the integrity of customer information held by Nordstrom. The fact that the emails were sent from an official company address suggests that the email system was compromised. This could potentially allow unauthorized access to customer data, increasing the risk of further scams or phishing attempts.

Nordstrom has since issued a warning to its customers, advising them to disregard the fraudulent emails and emphasizing that the company will never request cryptocurrency transactions. They are actively investigating the breach and taking steps to secure their systems.

What You Should Do

If you received an email from Nordstrom promoting a cryptocurrency offer, it is crucial to ignore it. Do not send any funds or disclose sensitive information. Always verify promotions by visiting the official Nordstrom website or checking their verified social media channels.

Customers should remain vigilant about suspicious emails, even from known senders. Look for signs of phishing, such as incorrect spellings or unusual requests. If in doubt, contact Nordstrom directly through official channels to confirm any offers or communications. Staying informed and cautious can help protect you from falling victim to similar scams in the future.

πŸ”’ Pro insight: This incident underscores the importance of securing third-party integrations, as breaches can exploit legitimate systems to conduct fraud.

Original article from

BleepingComputer Β· Bill Toulas

Read Full Article

Share

Related Pings

HIGHFraud

Credential Theft - Surge Driven by Infostealer Malware

Credential theft has surged in late 2025, driven by infostealer malware and AI social engineering. Businesses and individuals are at risk. Stronger security measures are essential to combat this growing threat.

Dark ReadingΒ·
HIGHFraud

Fraud - The Rise of Synthetic Identities Explained

Synthetic identity fraud is on the rise, impacting financial and estate sectors. Organizations must adapt to protect against these sophisticated scams. Understanding this threat is crucial for maintaining trust.

CSO OnlineΒ·
HIGHFraud

Fraud - North Korea's Fake IT Worker Scheme Exposed

North Korea's fake IT worker scheme has been uncovered, revealing a network that generates $500 million annually. Companies in various sectors are at risk. Learn how to identify and protect against these infiltrators.

The Register SecurityΒ·
HIGHFraud

Fraud - Inside a Network of 20,000+ Fake Shops

A network of over 20,000 fake shops is stealing consumer data and payment details. These scams have surged dramatically, posing significant risks to online shoppers. Stay alert and protect your information from these deceptive sites.

Malwarebytes LabsΒ·
HIGHFraud

Crypto Scam ShieldGuard - Dismantled After Malware Discovery

The ShieldGuard crypto scam has been dismantled after it was found to be a malicious browser extension. Users of major platforms like Binance and Coinbase were targeted, risking their sensitive data. Experts urge caution with browser extensions and offers of free tokens.

Infosecurity MagazineΒ·
HIGHFraud

Refund Fraud - Exploiting Retailers and Payment Platforms

Refund fraud is becoming a major issue, costing retailers billions. Fraudsters exploit return policies, turning refunds into profit. Understanding these tactics is key to prevention.

BleepingComputerΒ·