
A scam impersonating NordVPN you need to know about

Aug 20, 2019 · 4 min read


NordVPN’s security team has been made aware of a scam website that has been impersonating our company in an effort to infect victims with malware. While they work on taking the site down, we’d like to help users stay secure by explaining what’s going on.

How the scam works

The scammers have built a replica of our site at the URL nord-vpn[.]club (we've inserted the brackets to avoid posting the actual URL). This is not a legitimate URL and we do not use it to conduct business.

The site offers a download of what it claims is our Windows app. Along with the app, however, users will also be downloading malware: specifically, the “Win32.Bolik.2” trojan.

“Using this malware, hackers can perform web injections, traffic intercepts, keylogging and steal information from different bank-client systems.” – These insights are from Dr. Web, the team of anti-virus developers who first reported the scam (thank you for your vigilance!).

This means that the virus can monitor virtually anything you do online and steal your online banking information. Under no circumstances should users download the app from this site or even visit it.

What we’re doing to fight this scam

Our team has already taken a few specific steps to eliminate this scam:

  • We are working to get it taken offline. Unfortunately, we aren’t sure when the site will be taken offline because it doesn’t depend entirely on us. However, we’ve already begun the process. In fact, the initial version has been taken down and our team is now monitoring the situation just in case it pops up again.
  • The site has been blacklisted by our CyberSec feature. NordVPN users who turn on our optional CyberSec feature will be unable to visit the site in question. When turned on, CyberSec blacklists malicious websites and prevents users from visiting them. Because this change was implemented relatively recently, it may take a few hours for our CyberSec blacklist to be updated globally for all of our users.

Update (September 10th): This site has been taken down and our security team is on the lookout for other versions. However, we can't guarantee that these or other scammers won't try the same attack in the future. Therefore, read on to learn how to identify and protect yourself from these attacks.

How to protect yourself from similar scams

It’s easy to tell if you’re on NordVPN’s legitimate website. Here’s our real URL:

[Image: NordVPN's real URL]

Here’s the fake scam URL:

[Image: The fake NordVPN URL]

Our blog has tons of advice on how to identify scams so you don’t become a victim. We even have an article on how to identify an official NordVPN representative so you don’t get scammed online. However, here are some specific tips for this case:

  • Always check the URL. Users who always check the URL of the website they’re on are far more likely to see right through this scam. The scam URL has been carefully selected to resemble ours, but it’s not ours. The only time we don’t conduct business on a URL based on nordvpn.com is in countries that block our core website. We use other legitimate URLs in those countries so users can download our apps. If you're not sure whether the website you're on is a legitimate NordVPN website, contact our support team.
  • HTTPS ensures a basic level of security, but not legitimacy. HTTP sites are less secure and can often be a telltale sign of a scam. These scammers, however, have HTTPS enabled on their site, which provides a basic level of encryption and can fool victims into a false sense of security. Fortunately, the HTTPS certificate is not the same as the one on NordVPN’s website. You can click on the lock icon next to the URL when browsing our website to inspect our HTTPS certificate. We use an extended validation SSL certificate self-signed by Tefincom S.A. Then, you can compare this to the certificate of any website that claims to represent us but has a questionable URL. They won’t be the same.
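The "check the URL" rule above can also be applied mechanically, for example in a mail or proxy filter. The following is an added example, not NordVPN's code: it sorts a URL's host into official, lookalike or unrelated. The allow-list holds only nordvpn.com because the page does not list the alternative domains used in restricted countries, and the function names and sample hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only the base domain named on the page is allow-listed.
OFFICIAL_DOMAINS = {"nordvpn.com"}
BRAND = "nordvpn"


def refang(url: str) -> str:
    """Undo the bracket defanging used in reports, e.g. nord-vpn[.]club."""
    return url.replace("[.]", ".")


def host_of(url: str) -> str:
    """Extract the lower-cased hostname from a URL or a bare host string."""
    url = refang(url).strip()
    if "://" not in url:
        url = "//" + url  # makes urlsplit treat a bare host as the netloc
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = host_of(url)
    # Official means an exact match or a true subdomain. The leading dot in
    # the suffix test stops hosts that merely end in the same characters.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"
    # Lookalike: the brand name shows up once separators are removed, which
    # is how nord-vpn[.]club imitates nordvpn.com.
    squashed = host.replace("-", "").replace("_", "").replace(".", "")
    if BRAND in squashed:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs; only the first two hosts appear on the page.
    for sample in ("https://nordvpn.com/download/", "nord-vpn[.]club",
                   "https://nordvpn.com.example.net/", "https://example.org/"):
        print(f"{sample:40} {classify(sample)}")
```

A "lookalike" result is a prompt for review, not proof of fraud, and HTTPS on the host does not change the classification.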

How to make sure your NordVPN app is legit

  • Download it from your app store. If you simply search for “NordVPN” on your device’s app store, the first result is likely to be ours. This isn’t a perfect rule, as the Android and iOS app stores do have fake versions of our apps. However, our team regularly checks them for fakes and reports them. Our legitimate app will also have more downloads and reviews than any of these fake apps. This does not apply to the Windows or Linux apps, which are not offered on their regular app stores.
  • Download it from our website. This goes back to the “check the URL” rule. If you download a side-loaded version of the app or one for a platform whose app store we don’t use, make sure it’s from us. You can find our legitimate downloads here.
  • Contact our support team via email. Users in restrictive countries may not be able to access our core website or their app stores. We offer many ways to contact support, but if you’re in doubt about whether the website you’re looking at is legit, your best bet is to contact us by email at support@nordvpn.com. They can provide you with a legitimate copy of the app of your choice or help you with checking the digital signature for any NordVPN apps you’ve downloaded.

Stay safe!


Daniel Markuson

Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.

