Your email might be concealing one of these fraudulent attempts
Scammers have levelled up – so you need to be on high alert, according to the Threat Intelligence team at NordVPN.
The award-winning VPN service just lifted the lid on three global fraud operations that are reshaping how criminals operate online and in your email. Hackers are exploiting older software flaws, fake cryptocurrency platforms, and hundreds of fraudulent online shops — all working together to con millions of people worldwide.
"Online scams are evolving faster than ever before," said Domininkas Virbickas, Product Director at NordVPN.
"What once looked like crude attempts to trick a few users has become global, data-driven operations capable of targeting millions."
What this means is scammers aren’t just guessing anymore — they’re using psychology to get inside your head, automation to reach more people faster, and new tech to make everything look real.
The first scam involves criminals taking a step back in time, using a security flaw that's been around for 15 years to break into websites you'd normally trust. The vulnerability sits in FCKeditor, an old web editing tool that was retired over a decade ago. This has led to more than 1,300 high-profile domains being hijacked, including government websites, corporate pages, and research institutions.
Once they're in, the criminals use these trusted sites to spread malware or send you to fake shops in an attempt to steal your personal information. If successful, fraudsters can then use that information to impersonate you and drain your bank accounts.
Mr Virbickas said, "This campaign reminds us that neglecting old technology can create new frontlines in cybersecurity."
The second scam includes an email telling you that someone accidentally deposited 15 Bitcoin into your account — sounding too good to be true.
With nearly two billion email addresses being exposed in data breaches last year, using your email is one of the most popular ways for fraudsters to get a hold of your information.
NordVPN's investigators found over 100 fake cryptocurrency domains running this exact scam. The criminals send out mass emails claiming there's been an "erroneous deposit" and give you login details for what looks like a real crypto exchange.
When you sign in, you'll see a fake balance sitting there. But to withdraw it, you need to "verify" yourself by handing over personal details like your full name and phone number.
Then comes the sting – they'll ask you to pay "GAS fees" or "transfer taxes" to release your funds. These charges are completely made up, and you'll lose both your money and your identity details.
The third scam involves fake online shops — and there are hundreds of them.
NordVPN traced a network of more than 800 fraudulent e-commerce sites back to what appears to be a Chinese-speaking operation. Every single one of these fake stores shares the same support email address, which tells you someone's running the whole thing from one place. The sites cover everything from fashion to car parts to health products, and they're built using popular tools like WordPress and WooCommerce.
What gives them away? Unrealistic discounts designed to make you act fast before you think twice. The investigators also spotted untranslated Chinese characters hidden in the site code.
While online scams like these are constantly cropping up, there are several ways you can actively protect yourself.
First off, it's best practice not to click on unsolicited links promising rewards or unexpected transfers — if it sounds too good to be true, there's most likely a fraudster behind it.
Before buying from any online shop, verify it's legitimate through official channels and payment processors.
You can also employ assistance through NordVPN’s Threat Protection Pro. Built into the company’s premium VPN plans, the feature goes beyond traditional privacy protection by actively blocking malicious websites, scanning downloads for malware, and removing intrusive ads and trackers in real time.
The tool operates continuously — even when the VPN itself is not connected — using a combination of threat intelligence databases and machine learning to detect both known and emerging risks.
Protect your online privacy with a subscription to NordVPN
NordVPN is designed to deliver a secure, high-speed VPN with Threat Protection Pro included in its Plus and Pro subscriptions. This helps block malware, unsafe websites, ads, and trackers for safer everyday browsing. The service also includes a built-in password manager for added security. Plus, you can try it risk-free with a 30-day money-back guarantee.
Protect your email with a subscription to ExpressVPN
Protect your personal information and encrypt everything you do online for just £1.99 with the latest ExpressVPN deal. That equates to just 6p a day for military-grade encryption across 10x devices.
ExpressVPN boasts apps for iPhone, Android, Linux, Windows, Mac, Fire TV, and dozens more to secure your internet traffic from prying eyes, advertisers, and governments. They use tools like ExpressVPN MailGuard, which lets you create disposable email addresses so scammers don't steal the real one.
We praised its speed and reliability in our ExpressVPN review. For a limited time, you'll also benefit from an extra 4 months free with a two-year plan
Given that many of these scams are occurring in email inboxes too, another option is using email aliasing tools like ExpressVPN MailGuard, which lets you create disposable email addresses when signing up for services.
That way, if a site turns out to be dodgy, scammers never get your real email address. You can instantly block any alias that starts receiving spam or phishing attempts.






