Cybercrime is no longer just hackers sending phishing emails or small groups running online scams. According to new research from NordVPN’s Threat Intelligence team, cybercrime is becoming industrialized — with large-scale operations running fake stores, cryptocurrency scams, and malware campaigns across thousands of websites worldwide.

The report reveals three major global scam operations that demonstrate how cybercriminals are increasingly operating like technology companies, using automation, infrastructure, and large-scale systems to run fraud campaigns at scale.

Old software vulnerabilities creating new threats

One of the most surprising findings in the report is that attackers are still exploiting extremely old software vulnerabilities. In one campaign, cybercriminals exploited a 15-year-old vulnerability in an outdated web editor tool to compromise more than 1,300 websites, including government, corporate, and research domains.

These trusted websites were then used to redirect visitors to phishing pages, fake online stores, or malware downloads. Because the domains were legitimate, security systems were more likely to trust them, making the attacks far more effective.

Attackers exploit outdated software to compromise trusted websites and redirect users to scams

This strategy shows how cybercriminals are increasingly using legitimate infrastructure to run scams rather than building everything from scratch.

Cryptocurrency scams evolving into identity theft operations

The report also uncovered a large-scale cryptocurrency phishing network involving more than 100 fake crypto domains. The scam begins with emails claiming the recipient has received a large cryptocurrency deposit by mistake.

Victims are directed to fake cryptocurrency platforms where they are asked to log in and later pay so-called “gas fees” to withdraw the funds. In reality, the platforms are fake and the fees are stolen, while attackers also collect personal data for identity theft.

Cryptocurrency phishing scams trick users into paying fake fees and revealing personal data

These scams combine phishing, identity theft, and cryptocurrency fraud into a single operation, making them particularly effective and difficult to detect.

Fake online stores run like businesses

Another operation uncovered in the investigation involved more than 800 fake e-commerce stores built using common website tools like WordPress and WooCommerce. These sites advertise products at extremely low prices to attract buyers, but customers either receive counterfeit goods or nothing at all.

Investigators found that many of these websites were connected to a centralized operation, showing how automation allows a single group to operate hundreds of fake stores at once.

Cybercrime is becoming an industry

The most important takeaway from the report is that cybercrime is increasingly being run like a business. Criminal groups are using automation, software platforms, data analytics, and large-scale infrastructure to run fraud operations efficiently.

Instead of isolated scams, we are now seeing:

• Scam networks
• Fraud platforms
• Automated phishing systems
• Fake e-commerce ecosystems
• Industrial-scale cybercrime operations

This shift means cybersecurity is no longer just about stopping individual hackers — it is about defending against organized digital industries built around fraud.

The future of cybersecurity

As cybercrime becomes more organized and automated, cybersecurity will increasingly rely on AI, automation, and threat intelligence to detect patterns and stop attacks before they reach users.

For individuals and businesses, the biggest risks continue to come from phishing, fake websites, outdated software, and online scams — all of which are becoming more sophisticated every year.

The post Cybercrime Goes Industrial appeared first on Tech Trends.

By Daniel Markuson, Digital Privacy Expert at NordVPN.

422.49 billion spam emails are sent worldwide every day. This number also includes phishing, sextortion, advertising, and finance-related scams. Most people can already spot the traditional spam messages that claim they have won a new Lamborghini or inherited a million dollars, so spammers are finding new creative ways to trick people into giving them money or information.

There has been an increase in the numbers of SMS spamming attacks known as smishing
Share on X

With so much personal data available out there, it is much easier for criminals to customize all kinds of scamming attempts – from simple spam, to much more advanced phishing or extortion. These emails, messages, and websites often seem so real, and provide such a high level of detail, as to make even the most cautious person susceptible to falling into a trap.

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites
Share on X

A New Era of Smishing

Recently, there has been an increase in the numbers of SMS spamming attacks, known as “smishing” where scammers try o steal people’s personal information or credit card details. They do this by initially sending text messages designed to look like they come from a bank, an employer, or an official governmental institution.

422.49 billion spam emails are sent worldwide every day
Share on X

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites. The texts were generated by a spam-sending database run by a company called ApexSMS. Interestingly, the system was able to detect when people messaged back using keywords such as “report” and “FCC. These phone numbers were added to a special list of contacts that would not be used by the fraudsters again. However, you should bear in mind that responding to these kinds of texts may leave you vulnerable to identity theft because if you contact the hackers, the hacked phone transmits your sensitive data stored on it.

Responding to a text can leave your phone vulnerable to being hacked
Share on X

As investigators later discovered, the database contained around 80 million records. They included people’s names, phone numbers, carrier network names, IP addresses, and even locations. Out of the 38 million texts. that were sent during the attack, 2.1 million people clicked on a link in the fraudulent message. Luckily on this occasion, the scammers used an unprotected server, which experts discovered in time to stop the attack.

Scammers are abusing Notifications and Push APIs on Android devices
Share on X

Fake Missed Calls

Besides SMS frauds, scammers are now abusing the Notifications and Push APIs on Android devices. These two APIs are used to push notifications on mobile phones to re-engage users. An application or server can push them even if the app is not running. The problem is, the API allows scammers to make their notifications look identical to a legitimate app. For example, they can create fake alerts customized to look like a missed phone call.

Scammers aim to take advantage of well-known applications by creating false alerts using the looks of popular apps
Share on X

One of the ways scammers exploit the feature is using Google Chrome to push messages to mobile phones. To hide their origin, the Google Chrome icon is changed into a “Missed Call” notification. When this happens, one message informs the scammers that they can hack the phone. Another one shows a missed call from a medium called Esmeralda.

Once users press the fake push notification, their phones get hacked
Share on X

Scammers aim to take advantage of well-known applications. They create false alerts using the looks of popular apps. This confuses mobile phone users. Once they press the push notification, their phones get hacked. Thus, before pressing the notification, it is important to pay attention to the message that it contains and think if it is actually related to the nature of the app.

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques
Share on X

Phishing with legal threats

Another new strategy that creative spammers are now using is lawsuit emails. They send fake emails, which claim that the recipient is being sued and request to open and read the attached fraudulent documents and respond within seven days.The scammers use the names of existing law firms and falsify their email addresses. Most of the time, they target the employees of big companies. Around 100,000 businesses have been attacked to date — mostly in Canada.

Around 100,000 businesses have been attacked to date with legal threat phishing scams — mostly in Canada
Share on X

Steps anyone can take to protect themselves

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques. Then, it is crucial to check the messages, phone calls, and emails you receive before opening them. These are the basic but important steps in protecting ourselves handing our personal data to scammers.

The post Expert View: Spam and Phishing Trends appeared first on Tech Trends.