How the attack works
Scammers pretending to be NordVPN employees or representatives have sent phishing emails to video creators offering to collaborate. Once the perpetrators establish contact with the YouTuber victims, they push them to download a fake app with malware and to offer the malware to their users.
The scammers have even created fake websites, such as nordguards.com and norddefender.com, to take advantage of content creators. There might also be other fake domains that haven’t been discovered yet.
We’ve also received reports of fraudulent Google ads redirecting users to fake landing pages that contain malware. NordVPN’s cybersecurity team is working to verify these claims.
Are you at risk?
- This attack poses no threat to the security of NordVPN’s existing users and infrastructure.
- The attack may affect people who have downloaded NordVPN’s app from unofficial sources, such as forums or emails.
- While the phishing scam seems to be directed towards content creators, everyone should stay vigilant and be careful with any suspicious emails.
If you think you might be at risk, you should immediately contact our support team via live chat on our website (nordvpn.com) or email at email@example.com. They can verify whether you were contacted by NordVPN representatives or by imposters.
Tips to protect yourself
We are working to shut down the fake domains, track down the imposters, and stop them. However, we ask you to stay vigilant and spread awareness about the scam so other creators and their fans don’t fall into the trap.
- NordVPN uses only two legitimate domains for YouTube video partnerships: nordvpn.com and nordvpn.org. Closely inspect emails from anyone offering a collaboration on YouTube. If it doesn’t use one of these two legitimate domains, it is probably fake.
- If you’re not sure if the person who contacted you is a legitimate NordVPN representative, please contact our customer support team via live chat on our website (nordvpn.com) or email at firstname.lastname@example.org. They will verify the email if it is legitimate and provide you with any additional information you may need.
- Be cautious about any suspicious links in your emails. You can hover over a link or right-click on it to see where it leads. If the domain is anything but nordvpn.com or nordvpn.org, don’t click on it.
NordVPN is taking all the necessary precautions to stop the scam. We will update this post if we discover any other relevant information.