Customers of luxury retail chain Nordstrom were recently targeted by a cryptocurrency scam delivered through what appeared to be an official company email account.
The fraudulent messages promoted a limited-time St. Patrick’s Day offer that promised recipients their cryptocurrency deposits would be doubled if funds were sent to a specified wallet address within a two-hour window.
The email encouraged quick action with wording such as:
“Send cryptocurrency to any of the deposit addresses below and receive 200% of the amount you transfer.”
Reports of the suspicious promotion quickly surfaced on social media, with multiple customers stating they received the message despite using email addresses that had never been publicly shared.
Urgency and Branding Tricks Used to Lure Victims
The short deadline was likely designed to pressure recipients into acting before carefully reviewing the message. Some users also noticed subtle red flags, including a misspelling of the company’s name in the header — “Normstorm” instead of Nordstrom.
Despite these warning signs, the scam gained credibility because it was delivered from nordstrom@eml.nordstrom.com, an address on a domain typically used by the retailer for legitimate marketing communications. This suggests unauthorized access to, or misuse of, a trusted email distribution system.
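Because the message came from the retailer's own sending address, the signals left to a filter are in the content: the misspelled display name, the doubling offer and the short deadline. The sketch below is an added example, not code from Nordstrom or from this article; the keyword patterns and the edit-distance threshold are assumptions, and the sample message is constructed from the details quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "nordstrom"             # brand name expected in the display name
BRAND_DOMAIN = "nordstrom.com"  # parent domain of the sending address cited above

# Constructed sample: From address, misspelled name, subject and quoted sentence
# are taken from the article; the remaining wording is made up for this demo.
SAMPLE = """\
From: Normstorm <nordstrom@eml.nordstrom.com>
Subject: Limited time: We'll double your cryptocurrency

St. Patrick's Day offer, valid for the next 2 hours only.
Send cryptocurrency to any of the deposit addresses below and receive 200% of the amount you transfer.
"""

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def red_flags(raw):
    """List content red flags; assumes a single-part plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    flags = []
    domain = addr.lower().rpartition("@")[2]
    if domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN):
        # The domain is the brand's own, so compare the display name to the brand.
        dist = edit_distance(re.sub(r"[^a-z]", "", name.lower()), BRAND)
        if 0 < dist <= 3:  # near miss, not an exact match (threshold is an assumption)
            flags.append("display_name_lookalike")
    if re.search(r"\b(crypto|bitcoin|wallet)", text) and re.search(r"\b(double|200\s?%)", text):
        flags.append("crypto_doubling_offer")
    if re.search(r"\blimited[- ]time\b|\b\d+\s*-?\s*hours?\b", text):
        flags.append("short_deadline")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that raises all three flags while its sending domain checks out is a candidate for quarantine and for review of the sending platform itself, not only of the recipient's mailbox.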
Company Warns Customers to Ignore the Message
Following the incident, Nordstrom reportedly sent a separate communication informing customers that the promotion was not authorized.
Earlier today Nordstrom emailed its customers with the subject line: “Limited time: We’ll double your cryptocurrency” lol pic.twitter.com/jdyCkWsIIH
— Dylan Abruscato (@DylanAbruscato) March 18, 2026
The retailer emphasized that it does not request cryptocurrency payments from customers and stated it was taking steps to investigate and resolve the situation.
Financial Impact and Possible Entry Point
Although the total scope of the email distribution remains unclear, blockchain activity linked to the wallet addresses involved indicates that scammers collected more than $5,600 in cryptocurrency shortly after the emails were sent.
Industry sources suggest the incident may have involved compromised identity or marketing automation systems, enabling attackers to distribute messages through legitimate communication channels. Similar tactics have been observed in recent phishing campaigns targeting customers of other major brands.
How Customers Can Stay Safe
Consumers are urged to treat unexpected promotions involving cryptocurrency or urgent payment requests with skepticism — even if the message appears to come from a trusted sender.
To reduce risk:
Verify offers by visiting the company’s official website directly
Avoid clicking links or sending funds based solely on email instructions
Report suspicious messages to the organization’s support team
Monitor accounts for unusual activity
Security experts continue to warn that attackers increasingly exploit trusted platforms and legitimate infrastructure to bypass traditional phishing detection methods.

