Scammers impersonate NordVPN brand to spread malware

NordVPN’s cybersecurity experts have discovered a scam in which hackers are targeting YouTube content creators by impersonating the NordVPN brand. A dedicated team is working to track down the imposters and shut down the attack. Here’s what they know so far.

How the attack works

Scammers pretending to be NordVPN employees or representatives have sent phishing emails to video creators offering to collaborate. Once the perpetrators establish contact with the YouTuber victims, they push them to download a fake app with malware and to offer the malware to their users.

The scammers have even created fake websites, such as and, to take advantage of content creators. There might also be other fake domains that haven’t been discovered yet.

NordVPN has also received reports of fraudulent Google ads redirecting users to fake landing pages that contain malware. NordVPN’s cybersecurity team is working to verify these claims.

Are you at risk?

  • This attack poses no threat to the security of NordVPN’s existing users and infrastructure.
  • The attack may affect people who have downloaded NordVPN’s app from unofficial sources, such as forums or emails.
  • While the phishing scam seems to be directed towards content creators, everyone should stay vigilant and be careful with any suspicious emails.

If you think you might be at risk, you should immediately contact their support team via live chat on their website ( or email at They can verify whether you were contacted by NordVPN representatives or by imposters.

Tips to protect yourself

NordVPN is working to shut down the fake domains, track down the imposters, and stop them. However, the company asks you to stay vigilant and spread awareness about the scam so other creators and their fans don’t fall into the trap.

  • NordVPN uses only two legitimate domains for YouTube video partnerships: and Closely inspect emails from anyone offering a collaboration on YouTube. If it doesn’t use one of these two legitimate domains, it is probably fake.
  • If you’re not sure if the person who contacted you is a legitimate NordVPN representative, please contact their customer support team via live chat on their website ( or email at They will verify the email if it is legitimate and provide you with any additional information you may need.
  • Be cautious about any suspicious links in your emails. You can hover over a link or right-click on it to see where it leads. If the domain is anything but or, don’t click on it.