This Major Department Store Just Sent a Crypto Scam to Its Email List

Customers of Nordstrom are raising concerns after a wave of scam emails—sent from what appears to be an official company address—promoted a fake cryptocurrency giveaway tied to a St. Patrick’s Day “deal.”

The fraudulent message promised to double any crypto sent to a listed wallet within a limited two-hour window, a classic tactic used to pressure recipients into acting quickly.

“Send cryptocurrency to any of your unique deposit addresses below, and we'll send you right back 200% of the amount you sent,” the email read.

Spreading the Word

Reports quickly surfaced across social media, with multiple customers claiming they received the message. Some even got the message on email accounts they say were never publicly shared or exposed, which has raised concerns about how the scam reached inboxes so effectively.

Looks like Nordstrom ("Normstrom" 🫠) had some kind of breach. Emails being sent out from https://t.co/wJpIQOQw48 addresses (via Salesforce from the look of the headers) with a common crypto scam and urgency markers. pic.twitter.com/rSL5s1Kx6A

— Tib3rius (@0xTib3rius) March 17, 2026

One of the biggest red flags was a misspelling in the email header, where the company name appeared as “Normstorm.” Still, the message appeared convincing to many because it was sent from nordstrom@eml.nordstrom.com, a legitimate email domain used by the retailer for marketing and promotional campaigns. That detail suggests the possibility of a system compromise or unauthorized access to Nordstrom’s email infrastructure.

While the size of Nordstrom's email marketing list isn't publicly known, the company did over $15 billion in worldwide sales last year.

Keeping Your Info Safe

Cybersecurity experts warn that scammers rely heavily on urgency to override skepticism. By limiting the offer to just two hours, the attackers increased the likelihood that recipients would act before fully verifying the legitimacy of the message.

While Nordstrom has not publicly responded to the scam, customers report receiving a follow-up email from the company acknowledging the issue and urging them to ignore the earlier message. The retailer clarified that the email was “unauthorized” and reassured customers that it is actively investigating the incident. "We apologize for any inconvenience this may cause," the company wrote.

Nordstrom's email list got caught up in a crypto hack. pic.twitter.com/7B0uTBdKRu

— Mic King (@iPullRank) March 18, 2026

“Nordstrom will never ask customers to transact or otherwise transfer funds using cryptocurrency,” the company warned, per social media screenshots. “We are taking immediate action to investigate and address the issue.”

Phishing and Crypto Scams Becoming Increasingly Common

Founded in 1901, Nordstrom is one of the largest luxury department store chains in the U.S., with millions of customers, roughly 55,000 employees, and annual revenue exceeding $15 billion.

It remains unclear how widespread the scam email distribution was, but some recipients have reportedly already sent cryptocurrency to the fraudulent wallet, highlighting the real financial risks tied to increasingly sophisticated phishing attacks.

As scams involving crypto continue to rise, this incident serves as another reminder for consumers to double-check unexpected offers—especially those involving urgent deadlines and requests for digital currency. Fraudulent offers may also contain misspellings, come from email addresses with strange URLs, and link to pages unaffiliated with the company in that is purporting to be contacting you.

Per Bleeping Computer, the wallets used in the crypto scam shows that the threat actor received a little over $5,600 in cryptocurrency since the emails were sent.

source https://www.mensjournal.com/news/nordstrom-crypto-scam-email-list