Nordstrom Email System Abused to Send Cryptocurrency Scams to Customers


What happened

Attackers abused Nordstrom’s email system to send phishing emails promoting cryptocurrency scams to customers, using the company’s legitimate messaging infrastructure to increase credibility. The emails appeared to originate from Nordstrom, making them more likely to bypass spam filters and gain user trust. The messages directed recipients to fraudulent cryptocurrency-related content designed to trick them into sending funds or sharing sensitive information. The campaign relied on impersonation and social engineering rather than malware, leveraging a trusted brand’s communication channel to reach victims. Similar scams often involve impersonating well-known companies and pressuring users to send payments in cryptocurrency, a tactic widely associated with fraud campaigns. 

Who is affected

Customers receiving emails from Nordstrom’s systems are affected, particularly those who interacted with the phishing messages and were exposed to cryptocurrency scams.

Why CISOs should care

The incident shows how attackers can exploit legitimate email infrastructure to deliver scams, increasing success rates by leveraging brand trust and reducing the likelihood of detection by traditional email security controls.

3 practical actions

  1. Monitor outbound email systems for abuse. Detect unauthorized use of corporate email platforms to send phishing campaigns.
  2. Review email authentication controls. Ensure protections like SPF, DKIM, and DMARC are properly configured and enforced.
  3. Educate users on brand impersonation scams. Reinforce that legitimate companies do not request cryptocurrency payments through email.
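As an added illustration of action 1 (not code from the original article or from Nordstrom), the following script runs a simple abuse check over outbound-gateway log lines: it flags senders whose subjects use cryptocurrency lures, whose links point outside the corporate domains, or whose recipient volume exceeds a baseline. The log format, the sample lines, the sender addresses and the `example.com` corporate domain are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical outbound-gateway log format;
# they are not real Nordstrom data and the format itself is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z from=orders@example.com rcpts=1 subject="Your order has shipped" links=example.com
2024-05-01T10:00:05Z from=orders@example.com rcpts=1 subject="Receipt for order 1234" links=example.com
2024-05-01T10:01:00Z from=marketing@example.com rcpts=5000 subject="Claim your Bitcoin reward" links=claim-btc.example.net
2024-05-01T10:01:30Z from=marketing@example.com rcpts=8000 subject="Urgent: send crypto to confirm" links=claim-btc.example.net,example.com
2024-05-01T10:02:00Z from=support@example.com rcpts=1 subject="Password reset" links=example.com
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) rcpts=(?P<rcpts>\d+) '
    r'subject="(?P<subject>[^"]*)" links=(?P<links>\S*)$'
)
# Terms a retailer's transactional or marketing mail should never carry in a subject.
CRYPTO_TERMS = re.compile(r"\b(bitcoin|btc|crypto|ethereum|wallet|airdrop)\b", re.I)

def external_link(domain, corp_domains):
    """True if a linked domain is neither a corporate domain nor a subdomain of one."""
    return not any(domain == d or domain.endswith("." + d) for d in corp_domains)

def flag_outbound(log_text, corp_domains, rcpt_threshold=1000):
    """Return {sender: [reasons]} for senders showing signs of platform abuse."""
    per_sender_rcpts = defaultdict(int)
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than abort the whole pass
        ev = m.groupdict()
        sender = ev["sender"]
        per_sender_rcpts[sender] += int(ev["rcpts"])  # cumulative volume per sender
        if CRYPTO_TERMS.search(ev["subject"]):
            alerts[sender].add("crypto-themed subject")
        if any(external_link(d, corp_domains) for d in ev["links"].split(",") if d):
            alerts[sender].add("link to non-corporate domain")
        if per_sender_rcpts[sender] > rcpt_threshold:
            alerts[sender].add("recipient volume above threshold")
    return {s: sorted(r) for s, r in alerts.items()}

if __name__ == "__main__":
    for sender, reasons in flag_outbound(SAMPLE_LOG, ["example.com"]).items():
        print(sender, "->", ", ".join(reasons))
```

Because the messages in this incident left Nordstrom's own infrastructure, SPF, DKIM and DMARC (action 2) would pass on them, so outbound content and volume monitoring of this kind is the control that catches the abuse rather than authentication checks alone.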
