Cybercrime is no longer just hackers sending phishing emails or small groups running online scams. According to new research from NordVPN’s Threat Intelligence team, cybercrime is becoming industrialized — with large-scale operations running fake stores, cryptocurrency scams, and malware campaigns across thousands of websites worldwide.

The report reveals three major global scam operations that demonstrate how cybercriminals are increasingly operating like technology companies, using automation, infrastructure, and large-scale systems to run fraud campaigns at scale.

Old software vulnerabilities creating new threats

One of the most surprising findings in the report is that attackers are still exploiting extremely old software vulnerabilities. In one campaign, cybercriminals exploited a 15-year-old vulnerability in an outdated web editor tool to compromise more than 1,300 websites, including government, corporate, and research domains.

These trusted websites were then used to redirect visitors to phishing pages, fake online stores, or malware downloads. Because the domains were legitimate, security systems were more likely to trust them, making the attacks far more effective.

Attackers exploit outdated software to compromise trusted websites and redirect users to scams

This strategy shows how cybercriminals are increasingly using legitimate infrastructure to run scams rather than building everything from scratch.

Cryptocurrency scams evolving into identity theft operations

The report also uncovered a large-scale cryptocurrency phishing network involving more than 100 fake crypto domains. The scam begins with emails claiming the recipient has received a large cryptocurrency deposit by mistake.

Victims are directed to fake cryptocurrency platforms where they are asked to log in and later pay so-called “gas fees” to withdraw the funds. In reality, the platforms are fake and the fees are stolen, while attackers also collect personal data for identity theft.

Cryptocurrency phishing scams trick users into paying fake fees and revealing personal data

These scams combine phishing, identity theft, and cryptocurrency fraud into a single operation, making them particularly effective and difficult to detect.

Fake online stores run like businesses

Another operation uncovered in the investigation involved more than 800 fake e-commerce stores built using common website tools like WordPress and WooCommerce. These sites advertise products at extremely low prices to attract buyers, but customers either receive counterfeit goods or nothing at all.

Investigators found that many of these websites were connected to a centralized operation, showing how automation allows a single group to operate hundreds of fake stores at once.

Cybercrime is becoming an industry

The most important takeaway from the report is that cybercrime is increasingly being run like a business. Criminal groups are using automation, software platforms, data analytics, and large-scale infrastructure to run fraud operations efficiently.

Instead of isolated scams, we are now seeing:

• Scam networks
• Fraud platforms
• Automated phishing systems
• Fake e-commerce ecosystems
• Industrial-scale cybercrime operations

This shift means cybersecurity is no longer just about stopping individual hackers — it is about defending against organized digital industries built around fraud.

The future of cybersecurity

As cybercrime becomes more organized and automated, cybersecurity will increasingly rely on AI, automation, and threat intelligence to detect patterns and stop attacks before they reach users.

For individuals and businesses, the biggest risks continue to come from phishing, fake websites, outdated software, and online scams — all of which are becoming more sophisticated every year.

The post Cybercrime Goes Industrial appeared first on Tech Trends.

It might seem counter-intuitive, but the greatest threat to the cybersecurity of your business is likely to come from the inside.

And we’re not talking infiltrated spies eithe. The ones most likely to compromise your security are actually your trusted employees. Without any malicious intent at all, they are often just a few careless mouse clicks away from costing your business a fortune.

Your trusted employees are just a few careless clicks away from costing your business a fortune in cybersecurity breaches
Share on X

Employees harm your business by visiting infected websites, responding to phishing emails, using business email through public Wi-Fi on an unencrypted connection, or something as simple as having one password for access to all business assets and personal accounts. Neglecting cybersecurity can cost companies tens of thousands of dollars, hours of downtime and loss of customers. The most alarming fact is, that cyber attacks happen more than 4000 times each and every day, and can strike the same company several times per year!

Employees harm your business by visiting infected websites, responding to phishing emails or using business email through public Wi-Fi
Share on X

Such attacks are often financially motivated – ransomware, for example – or sometimes directed at obtaining specific data. Confidential business information at stake would include company finance records, customer and employee personal data, or highly valuable (and vulnerable) intellectual property assets.

Preventing cyber attacks is a sound investment considering the high risk and costs involved in recovery from damages
Share on X

Preventing cyber attacks is a sound investment considering the high risk and costs involved in recovery from damages. EveryCloud Spam Filtering has compiled this infographic to provide some insight into how cyber attacks can harm their business and what they can do about it.

The guide explains the main targets of cybercriminals, the role employees play in cybersecurity and the benefits of Cybersecurity Awareness Training. By regularly training your employees, your company will benefit from a security-first awareness that emphasizes prevention, detection, reporting and learning from mistakes.

By regularly training your employees, your company will benefit from a security-first awareness
Share on X

Types of training include

• Classroom training
  Instructors will teach your employees in person, which has the advantage of stronger engagement and the ability for them to ask questions of the instructor, raising relevant concerns and addressing them.
  

• Online training
  The fastest and most convenient, way, these are effective as long as fully completed by employees.

• Visual Aids
  Interactive assistants installed on your employee’s computers. These will actively protect your company and make employees aware of key points where threats can be detected and prevented.

• Phishing campaigns
  Best way to see the current state of security awareness in your business?
  Test your employees with simulated attacks. These will give you and your employees great insight into how to detect attacks, where to report them and learn from mistakes in a controlled manner.
  

Alice Bonasio is a VR Consultant and Tech Trends’ Editor in Chief. She also regularly writes for Fast Company, Ars Technica, Quartz, Wired and others. Connect with her on LinkedIn and follow @alicebonasio and @techtrends_tech on Twitter.

The post Infographic: Cybersecurity Training appeared first on Tech Trends.