Nordstrom Email System Compromised in Widespread Crypto Scam Campaign

Nordstrom Security Breach Allows Unauthorized Party to Send Scam Emails

A recent security breach at upscale department store chain Nordstrom allowed an unauthorized party to send cryptocurrency scam emails to customers from a legitimate company address.

Phishing Messages Disguised as St. Patrick’s Day Promotion

The phishing messages, disguised as a St. Patrick’s Day promotion, promised to double the cryptocurrency amount deposited to a specific wallet address within a two-hour time frame.

Scam Emails Sent from Legitimate Company Address

The scam emails were sent from nordstrom@eml.nordstrom.com, an official address used by the company for marketing and promotional communications.

This suggests that the threat actor gained unauthorized access to Nordstrom’s system, potentially through an Okta SSO compromise that led to a Salesforce breach.

Signs of Deception in Scam Emails

The emails contained a sense of urgency, instructing recipients to send cryptocurrency to a specific address within two hours to receive the promised return. However, the messages also contained signs of deception, including an incorrect spelling of the company name in the heading.
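
The signs listed above can be checked on message content even when the sender address is genuine. The Python below is an added example, not code from the article or from Nordstrom. The regex patterns, function names, the misspelling "Nordstorm", the all-zero wallet placeholder and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "nordstrom"
TRUSTED_SENDER = "nordstrom@eml.nordstrom.com"  # address named in the article
# Assumed patterns: common wallet-address shapes and wording, not taken from the incident.
WALLET = re.compile(r"\b(?:0x[0-9a-fA-F]{40}|bc1[0-9a-z]{25,59}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b")
URGENCY = re.compile(r"\bwithin\s+(?:\d+|one|two|three)\s+hours?\b", re.I)
DOUBLING = re.compile(r"\b(?:double|2x)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def misspelled_brand(text):
    """Return words that are close to the brand name but not equal to it."""
    words = re.findall(r"\b[A-Za-z]{6,12}\b", text)
    return [w for w in words if w.lower() != BRAND and edit_distance(w.lower(), BRAND) <= 2]

def scam_indicators(raw):
    """Check subject and body for the deception signs, regardless of sender."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    checks = {
        "wallet_address": WALLET.search(text),
        "deadline": URGENCY.search(text),
        "doubling_promise": DOUBLING.search(text),
        "brand_misspelled": misspelled_brand(text),
    }
    return {"trusted_sender": sender == TRUSTED_SENDER,
            "indicators": [name for name, hit in checks.items() if hit]}

# Constructed sample message; the wallet is an all-zero placeholder.
SAMPLE = """From: Nordstrom <nordstrom@eml.nordstrom.com>
Subject: Nordstorm St. Patrick's Day Giveaway

Send crypto to 0x0000000000000000000000000000000000000000 within two hours
and we will double your deposit.
"""

if __name__ == "__main__":
    print(scam_indicators(SAMPLE))
```

A message can report a trusted sender and still trip every content indicator, which is the situation the article describes.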

Customer Reports and Company Response

Nordstrom customers reported receiving the scam emails on social media, with some stating that the messages arrived at email addresses that had never been exposed or leaked online. In response, the company sent a warning to customers, urging them to disregard the previous message and stating that Nordstrom would never ask customers to transact or transfer funds using cryptocurrency.

Importance of Verifying Authenticity

The incident is a reminder that suspicious content should be treated with caution, even when it appears to come from a trusted sender address. Customers are advised to verify any promotions by visiting the company’s official website, communication channels, and social media profiles.

About Nordstrom

Nordstrom is a large fashion retailer with millions of customers, 55,000 employees, and an annual revenue of over $15 billion. The company has not commented on the extent of the breach or the number of customers affected.

Possible Link to Other Attacks

The incident may be linked to a recent series of attacks on other companies, including Betterment and GrubHub. The use of a legitimate company address to send scam emails highlights the importance of verifying the authenticity of messages, even when they appear to come from a trusted source.

Importance of Robust Security Measures

In this case, the threat actor’s ability to send emails from a legitimate address was likely the result of a security breach, rather than a phishing attack. The incident serves as a reminder of the importance of robust security measures to prevent unauthorized access to company systems.

