
Nordstrom's email system abused to send crypto scams to customers

Why This Matters

Nordstrom's email system was exploited by cybercriminals to send fraudulent cryptocurrency scam messages that appeared to originate from the company's official email address. This incident highlights vulnerabilities in corporate email security and the growing sophistication of scams targeting consumers. It underscores the need for both companies and consumers to remain vigilant against impersonation and phishing attacks in digital communications.

Key Takeaways

Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick’s Day promotion.

The emails promise to double any cryptocurrency amount that recipients deposit to a specific wallet address over the next two hours.

"Send cryptocurrency to any of your unique deposit addresses below, and we'll send you right back 200% of the amount you sent," reads the fraudulent message.

Multiple customers reported on social media [1, 2] that they received such emails. Some said that the message arrived at an address that had never been exposed or leaked online.

By giving recipients only two hours to take action, the threat actor creates a sense of urgency that makes it more likely for Nordstrom customers to rush into the "deal" and fail to notice the signs of a scam, such as the incorrect spelling of the company in the heading, which reads “Normstorm.”

The scam email sent to Nordstrom customers

Source: X

However, any signs of deception could easily be ignored because the emails came from [email protected], an official address the company uses for sending marketing, sales, and promotional communication, indicating a security breach.

Nordstrom did not respond to BleepingComputer’s request for comment on the matter, but customers reported that the company sent out a warning email urging members to disregard the previous message, which was “unauthorized.”

“Nordstrom will never ask customers to transact or otherwise transfer funds using cryptocurrency,” warned the firm in its message to customers. “We are taking immediate action to investigate and address the issue,” the department store said.
