Phishing Campaigns Masquerading as PepsiCo, OpenSea and Mythical Games

Vlad CONSTANTINESCU

November 21, 2025


Sophisticated phishing emails impersonating global brands used NFT hype to lure users into connecting their crypto wallets to fraudulent sites.

A familiar brand spewing false promises

It started with an email that looked legitimate at first glance.

“Claim Pepsi Mic Drop #1894,” the subject line read, a formula well-known to crypto and NFT enthusiasts. “OpenSea x Pepsi partnership,” flashed the email’s body, a collaboration plausible enough to at least pique curiosity.

The sender’s address looked genuine too, ending in “@em[.]pepsico[.]com.” The message congratulated me for being “selected” to claim an NFT from Pepsi’s Mic Drop collection. The layout, the logos, and even the typography all appeared legitimate enough to deceive an unsuspecting user.

The call to “connect your wallet,” though, raised the alarm. Although that’s a legitimate request when claiming these so-called “drops,” the NFT craze days saw enough fake wallet connection requests to make any NFT enthusiast shudder. That’s the very line between curiosity and compromise. Clicking it, purely for research purposes, redirected to a fake domain (micdrop-market[.]com), a near-perfect clone of OpenSea’s interface.

A layered attack disguised as an opportunity

Within hours, more phishing attempts arrived, this time impersonating Mythical Games with a fabricated “FIFA Mystery Player NFT.” The strategy was clear: capitalize on recognizable brands and the ongoing NFT narrative to extract wallet credentials or trick users into authorizing malicious transactions. Curiously enough, the Mythical Games email came from the same spoofed PepsiCo email address.

Bitdefender Ultimate Security immediately flagged and blocked the phishing domain, but the page loaded without resistance on unprotected devices. Maybe a tad slower than the genuine OpenSea website, but otherwise unhampered. The campaign’s timing and thematic consistency suggest an organized attempt to exploit users’ trust in reputable companies.

Lessons from the trap

The key takeaway? NFT scams are far from dead and buried. Even the most polished email can hide malicious intent, so make sure you always verify URLs before clicking, avoid connecting crypto wallets through links in emails and always rely on layered protection.
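The URL check recommended above can be automated during mail triage. The following is an added example, not code from the original article or from Bitdefender: it flags a message that names a brand, links to hosts outside that brand's domains, and asks the reader to connect a wallet. The brand-to-domain map, the function names, and the sample message (including its local part, paths and wording) are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: defender-maintained map of brand keyword -> domains the brand really uses.
BRAND_DOMAINS = {"opensea": {"opensea.io"}, "pepsi": {"pepsico.com", "pepsi.com"}}
WALLET_CTA = re.compile(r"connect\s+(your\s+)?wallet", re.I)

# Constructed sample modelled on the email described above; indicators kept defanged.
SAMPLE = """\
From: Pepsi <drops@em[.]pepsico[.]com>
Subject: Claim Pepsi Mic Drop #1894
Content-Type: text/html

<p>OpenSea x Pepsi partnership. You were selected.</p>
<a href="https://micdrop-market[.]com/claim">Connect your wallet</a>
<a href="https://opensea[.]io/learn">About OpenSea</a>
"""

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw.replace("[.]", "."))  # refang for parsing only
    body = msg.get_payload()
    text = f"{msg['Subject'] or ''} {body}".lower()
    brands = sorted(b for b in BRAND_DOMAINS if b in text)
    allowed = {d for b in brands for d in BRAND_DOMAINS[b]}
    parser = LinkHosts()
    parser.feed(body)
    # A message that names a brand but links outside that brand's domains is suspect.
    off_brand = sorted({h for h in parser.hosts
                        if brands and not any(under(h, d) for d in allowed)})
    return {"brands": brands,
            "off_brand_hosts": [h.replace(".", "[.]") for h in off_brand],
            "wallet_cta": bool(WALLET_CTA.search(body))}
```

A sender address under a genuine brand domain does not clear the message here, since the check looks only at where the links lead.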

Cybercriminals thrive on a sense of urgency and legitimacy, two elements that, when combined, can easily disarm even seasoned users.

For anyone uncertain about a message’s authenticity, Bitdefender’s Scamio can help analyze suspicious emails, links, images, QR codes, messages or described scenarios and determine whether they’re scams.

Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
