
VPN Malware: Are You Buying Your VPN From a Reputable Site?

Last updated on October 19, 2020

Internet users all over the world are increasingly looking at VPNs in order to preserve their online privacy and security. A Virtual Private Network allows you to mask your IP address, securing you from the prying eyes of your internet service provider, government agencies or third-party cybercriminals.

Finding the right VPN can be a challenge in itself, with many of them offering the world and not delivering. What is of even greater importance than choosing the right VPN is where you purchase your VPN subscription. This is because of VPN malware attacks and scams on the internet, in which cybercriminals create phishing websites in order to trick users into downloading malware.

One such VPN malware incident happened earlier this year with VPN giant NordVPN. Keep reading to find out what happened and how you can protect yourself online.

What are Malware and Phishing Scams?

Malware Scams

Malware tricks users into downloading and installing software which allows cybercriminals to access your personal files as well as track what you are doing on your computer, laptop, tablet, smartphone or even smart TV.

A lot of the time malware scammers might send emails or messages on platforms such as social media. Within the email or message, you will find a random link which is supposedly some sort of news, event or latest trend.

If you click on the provided link, chances are that you will be redirected to a fake website that looks legitimate. These websites normally include the logos and branding of authentic sites you might visit often. There might be small changes made to the websites, which most people do not even notice or, if they do, brush aside thinking that the website has been updated.

There may be a video on this website for you to watch, but before you do so, you will need to install software to access that particular video format. If you happen to download the software, you are infecting your computer with malware.

Other ways of delivering a malware scam can be found on either websites or popups that may have “free” downloads. These can include anything from music, movies, games, or adult site content.

The malware works by installing software on your computer that permits the hacker to access your files and monitor what you do on your device. Scammers often use this information as a means to steal your sensitive data and even commit fraud.

This is particularly dangerous as it can include making unauthorized purchases with your credit card or using your identity to open up bank accounts, or maybe even telephone or energy services. They may even attempt to take out a loan in your name.

Phishing Scams

Scammers will attempt to carry out phishing attacks by tricking you into handing over your personal information including things like passwords, bank account numbers as well as credit card numbers.

A scammer might get in contact with you pretending to be from a legitimate business like a bank, telephone or even internet service provider. They might get into contact with you via numerous platforms like email, phone, text message or social media.

The attacker will then ask for you to confirm or provide personal details. They might say that the bank or organization is confirming customer records following a technical error that has wiped out customer data records.

Other ways include the scammer alerting you to suspicious activity that has been noticed on your account. An example is that an expensive purchase has been made in another country, and they want to verify whether you authorized that payment.

When you say that you didn’t make any such payments, they will likely ask you to confirm your credit card details in order for the bank to investigate. Other times, the hacker may already have your credit card details, which makes them sound more legitimate, and will ask you to confirm your identity by giving the 3- or 4-digit security code found on the card.

Phishing messages are carefully crafted to look like the format used by the organization the scammer is attempting to represent, including things like their logo and branding. Often a link will be included within the message which appears to be completely legitimate but will have a slightly different address.

If you stumble upon a phishing website and aren’t paying close attention to detail you can be robbed of your login and password information. According to the Telegram,

“Phishing attacks are designed to steal a person’s login and password details so that the cybercriminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good.”

Other types of phishing scams include whaling and spear-phishing, where the hacker targets a business in order to get their hands on confidential information. To appear legitimate, they might use details very specific to the business in question that they have obtained from other sources.

Pharming is where a scammer redirects you to what looks like a legitimate website you are visiting but is actually fake. You are redirected to the fake site by way of infecting your device with malware, even when you type in the correct address or click on an already bookmarked link.

Warning Signs of Malware and Phishing Attempts

There are warning signs to look out for such as receiving calls, texts or emails from what appears to be your bank or telecommunications provider. They will ask for you to verify your details, which is something that usually never happens.

The email or text message you receive may not include your name, or may contain spelling and grammatical errors.

You notice that your computer is not performing at normal speeds or there may be new icons on your computer screen which were not there before.

How to Protect Yourself from Malware and Phishing Threats

Never click on links or open attachments from your bank or other organizations that are asking you to confirm your personal details. If you have second thoughts contact the bank or business in question and tell them what has happened. By all means, delete the email.

Check for any possible references to a scam on the internet by doing an internet search which includes the exact wording of the email or message.

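Make sure to look for the secure symbol next to an internet address. A closed padlock or unbroken key lets you know that your connection to the website is encrypted. Only use “https” websites and steer clear of “http” sites. Keep in mind that the padlock describes the connection, not who runs the site: the cloned NordVPN website described later in this article also had a valid SSL certificate.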

If you do get contacted via telephone from an institution that you trust asking for your sensitive information, ask for their name and contact number. With that information, you can contact the organization in question and check the legitimacy of that call.

What Happened with the VPN Malware NordVPN Virus Scam?

Earlier this year it was discovered that cybercriminals had created a website which was a very convincing copy of the one that belongs to a popular VPN service, NordVPN. The cloned website was almost identical and also had a valid SSL certificate allowing it to pass browser security checks.

When users on the fake website were prompted to download NordVPN’s client, the hackers went out of their way to avoid suspicion by installing the real program. What was included with that program was a banking Trojan.

The NordVPN virus in question, the advanced Win32.Bolik.2 Trojan, is an improved version of its predecessor. It allowed the hackers to perform web injections, keylogging and traffic interception, as well as to steal various information from numerous bank-client systems.

It was found that the hackers behind this attack were focusing mainly on English-speaking users. Unfortunately, thousands of people visited the website and possibly downloaded the NordVPN virus.

The scariest part of the whole ordeal is that the scammer’s tactics have worked out well and may possibly be used to scam unsuspecting users in the future.

Paul Ducklin, a senior technologist at Sophos, says that phishing attacks have become more sophisticated over time.

“Today, many crooks take more time over the details – so why don’t you? Don’t be in a hurry! Find your own way to websites instead of blindly following links, especially if you’re looking for software to download. Use an anti-virus that does web filtering as well as malware scanning. And watch out for emails that you didn’t want for offers that are too good to be true. When it comes to web security, a little patience goes a long way,” he said.

In an official statement, Nord said,

“Online scammers love to pretend to be trusted companies when trying to fool their victims. Because NordVPN is such a widely trusted online security company, scammers pretend to be us as well. They do this to steal users’ money or infect their PCs with malware.

Always double-check information if you have even the slightest suspicion. Also, never give out personal information that has no relation to our services or transfer your money via wiring service. If you have any doubt, always contact NordVPN through one of our official channels.”

NordVPN has also let the public know what it will never ask of its users.

“NordVPN only sells accounts on its official website. We only sell legitimate NordVPN accounts on our official website: https://nordvpn.com/.

NordVPN won’t send you to the wrong website. Scammers use websites that look like NordVPN’s to scam internet users. The core part of NordVPN’s webpage URL will always be https://nordvpn.com/. The only exception to this rule will be for users buying NordVPN in high surveillance countries that block our core website.

NordVPN representatives will never ask for your password. If someone posing as a NordVPN representative tries to find out your password, they are scammers. Also, be aware of fake password change emails. You should never disclose your password to anyone.

NordVPN won’t use sketchy email addresses. NordVPN official email ends with @nordvpn.com and sometimes @nordvpnmedia.com or @nordvpnbusiness.com.

NordVPN does not make phone calls. NordVPN’s official means of communication are email, the support chat on our website, our official Twitter (@NordVPN), or our official Facebook page: https://www.facebook.com/NordVPN/. Do not trust connections outside of these communication tools.”

Purchasing a VPN from a Trusted Source

Buying your VPN subscription is one of the best ways to ensure online safety for you and your loved ones. Making sure that you purchase your VPN from a legitimate source is something that needs to be taken seriously so as to not fall victim to malware and phishing attacks.

In a study conducted by Intel, it was found that as many as 97% of security experts failed to differentiate phishing emails from genuine emails. Fake websites are also hard to spot unless you know exactly what you are looking for. To remain safe online, make sure to look out for the following.

We recommend ExpressVPN as the most trusted VPN provider to keep you safe from Malware and other viruses.

Check the URL

As mentioned previously, make sure the address of the website you are visiting begins with “https” instead of just “http”. The ‘s’ in the address means that the connection is encrypted and has been secured with an SSL certificate. Also, make sure to check the spelling of the address and keep an eye out for small changes, e.g. an address bar that should read www.yahoo.com could instead read www.yah00.com.
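The spelling check described above, combined with the official website and email domains NordVPN lists earlier in the article, can be automated. This is an added example, not code from the article or from NordVPN; the substitution table, the one-character typo threshold and the sample hosts ending in .example are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the page names as genuine; everything else here is constructed.
OFFICIAL_SITES = {"nordvpn.com", "yahoo.com"}
OFFICIAL_MAIL = {"nordvpn.com", "nordvpnmedia.com", "nordvpnbusiness.com"}
# Digit-for-letter swaps of the kind shown in the yah00.com example.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return 'official', 'official-domain-no-https', 'lookalike:<domain>' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in OFFICIAL_SITES:
        # Exact match or a true subdomain; a brand name elsewhere in the host does not count.
        if host == good or host.endswith("." + good):
            return "official" if parts.scheme == "https" else "official-domain-no-https"
    folded = host.translate(CONFUSABLE)
    for good in OFFICIAL_SITES:
        brand = good.split(".")[0]
        # Digit swaps, a one-character typo, or the brand embedded in another domain.
        if folded == good or edit_distance(folded, good) <= 1 or brand in folded:
            return "lookalike:" + good
    return "unknown"


def sender_is_official(address):
    """True only if the text after the last '@' is an official mail domain."""
    return address.rpartition("@")[2].lower().rstrip(".") in OFFICIAL_MAIL


if __name__ == "__main__":
    for sample in ("https://nordvpn.com/download", "https://www.yah00.com/",
                   "https://nordvpn.com.downloads.example/", "http://nordvpn.com/"):
        print(sample, "->", classify_url(sample))
```

The look-alike verdict ignores whether the URL uses https, because a cloned site can hold a valid certificate. A matching sender domain is necessary but not sufficient, since the visible sender address of an email can be forged.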

Read the Content

When it comes to professional websites, it is evident that a lot of work has gone into their design. Spelling and grammar will be correct and images will be sharp, with the whole website being polished and put together.

Whenever you visit a phishing website you may notice that there is a sub-standard feel to the site, spelling mistakes, and an overall dodgy look. A huge red flag indicating that you’re visiting a phishing website is that there is no “contact” tab, which normally would be an independent page providing readers with full contact details of the company in question.

Who Runs the Website?

Every domain name has to be registered. You can use the free WHOIS service to look up the owner of the site. You should be suspicious if you find that the website of a supposedly well-known firm or organization has only been active for about a year or so.

Check out Reviews

A quick Google search will allow you to check whether the business or organization is reputable and whether they are who they claim to be. A lot of the time, if a person has fallen victim to an attack online, they will share their experience in hopes that others will not suffer the same fate. Look out for excessive negative customer reviews and keep clear of those sites.

Legitimate Sites Use Trusted Payment Methods

If you are attempting to purchase a VPN or any other product online, you should always be presented with various payment methods, which include credit cards, PayPal and even cryptocurrencies. If you can only find one payment method, usually a bank transfer, then you should definitely run as fast as you can and not look back.

A reputable site will never ask its customers to pay with this method, which indicates that no bank has provided the site with credit card facilities.

There is a Date

Check out the information found on the website. Sometimes there will be informative articles or blog articles found on the site. If a website includes a date, it allows the reader to conclude whether or not the information found on the site is recent enough to be credible. A reputable site will have regular content uploaded and might contain feedback from readers.


Purchasing a VPN is by far one of the best methods to keep your online activity private and away from those who wish to monitor your movements. Where you choose to subscribe to a VPN is just as important as which VPN you choose.

Cybercriminals have successfully found ways to dupe unsuspecting VPN users in the past, using a phishing scam to infect their devices with damaging malware. One of the biggest names in the online security industry, NordVPN, suffered such an attack. A cloned website attracted thousands of users as soon as it became live, allowing users to download a dangerous trojan.

A reputable website should be well designed, have no spelling and grammatical mistakes, and up to date information including a ‘contact’ section. Additionally, you should always keep an eye out for an “https” website address which indicates that your connection is secure.
