Cybercrime is no longer a scattered, opportunistic activity, it’s becoming an industry. A new report highlights how large, coordinated cybercriminal networks are scaling deception in ways that put millions of internet users at risk.
Researchers from NordVPN’s Threat Intelligence unit and TechRadar’s security team have uncovered multiple global campaigns that exploit outdated software, human psychology, and the growing appeal of quick financial gain. Together, these operations reveal a troubling shift: cybercrime is evolving into a structured, almost corporate-like ecosystem.
One of the most striking findings centres on FCKeditor, a once-popular web-based text editor embedded in websites during the early 2000s and 2010s. Although it is no longer maintained, it still exists on many high-value websites today. This lingering presence has made it a prime target for attackers.
By exploiting a long-known vulnerability (CVE-2009-2265), criminals have been able to infiltrate more than 1,300 trusted domains, including government portals, universities, corporate platforms, and research institutions. Once inside, they repurpose these legitimate sites as launchpads, redirecting visitors to phishing pages, distributing malware, or manipulating search engine results to spread fraudulent content.
This tactic is especially dangerous because it weaponizes trust. Users are far more likely to click links or engage with content when it appears to come from reputable sources.
Another campaign uncovered in the report focuses on cryptocurrency scams, executed with a high level of sophistication. Victims receive emails claiming they’ve received a large crypto deposit, often something like 15 Bitcoin, into a newly created wallet. The message includes login details and a link to what appears to be a legitimate exchange.
Once inside, the victim sees the “funds” but is told they must first pay transaction fees or taxes to access them. These payments, of course, go straight to the attackers. The illusion is convincing enough that many victims comply, only realizing the scam once their money is gone.
Investigators identified more than 100 active domains supporting this operation, underscoring how organized and scalable these schemes have become.
The third campaign is perhaps the most expansive: a network of over 800 fake e-commerce websites spanning categories like fashion, automotive products, and health goods. Built using widely available tools such as WordPress, WooCommerce, and Elementor, these sites mimic legitimate online stores with alarming accuracy.
They rely on urgency and irresistible deals, limited-time offers that seem too good to pass up. In the rush to secure a bargain, victims lower their guard and complete purchases for products that never arrive.
What’s particularly notable is that this entire network appears to be operated by a single actor, using automation and templated site creation to manage hundreds of fraudulent storefronts simultaneously. Shared digital fingerprints and hosting patterns helped researchers trace the operation and reveal its scale.
Taken together, these campaigns paint a clear picture: cybercrime is becoming industrialized. Attackers are no longer just hackers, they are system builders, leveraging automation, scalability, and psychological manipulation to run full-scale fraud operations.
For everyday users, this means the stakes are higher than ever. Trusted websites can no longer be assumed safe, unbelievable offers should always be questioned, and any request involving money, especially cryptocurrency, deserves careful scrutiny.
As these networks continue to evolve, awareness may be the most important defence.
