How to avoid getting scammed by fake "1 Year Free Premium NordVPN" sites

Phishing/Scam

Also Known As: "1 Year Free Premium NordVPN" scam website

Damage level:

Get free scan and check if your device is infected.

Remove it now

To use full-featured product, you have to purchase a license for Combo Cleaner. Seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

What kind of scam is "1 Year Free Premium NordVPN"?

"1 Year Free Premium NordVPN" is a ClickFix scam. It is presented as a cybersecurity questionnaire, upon completion of which users are promised a free NordVPN subscription for a year. It must be emphasized that this scam is not associated with the real NordVPN service.

The goal of a ClickFix scam is to trick victims into executing a malicious script to download/install malware onto their devices. However, it is noteworthy that "1 Year Free Premium NordVPN" could operate in a different manner.

1 Year Free Premium NordVPN scam

"1 Year Free Premium NordVPN" scam overview

The "1 Year Free Premium NordVPN" scam begins with a survey on cybersecurity. This multi-choice questionnaire queries the user on their VPN (Virtual Private Network) usage, reusing passwords, 2FA (Two-Factor Authentication), etc. After its completion, the page claims that the answers mean nothing, as while they were taking it, the website analyzed the user's connection and compiled a full report.

Once the "View Report" button is clicked, the webpage indicates the digital risk score out of a hundred and offers a free VPN service for a year. Clicking the "SET UP PROTECTION" button shows a fake Cloudflare verification page. The user has to complete a checkbox-type CAPTCHA test and then they are presented with the next steps – this is where the ClickFix scam begins.

The victim is first instructed to – "Press & hold the Windows Key + R" – this step is actually the Run command combo. Secondly, they are to – "press CTRL + V" – this is a clipboard paste shortcut. Lastly, the webpage instructs to press "Enter".

If a user completes these steps, they inadvertently paste a malicious script into Run command and execute it – thus triggering the malware download/installation chain. ClickFix scams are used to proliferate all kinds of malicious software, including trojans, ransomware, and cryptocurrency miners.

As mentioned in the introduction, the "1 Year Free Premium NordVPN" lure (a free VPN subscription) could be used in scams that operate differently. Potential modus operandi could include software promotion through standard file download/installation. Aside from malware, endorsed programs could be within the fake antivirus, adware, browser hijacker, or PUA (Potentially Unwanted Application) classifications.

Alternatively, it could be an affiliate scam – wherein scammers seek to obtain illegitimate commissions by abusing the affiliate programs of genuine products or services.

To summarize, victims of scams like "1 Year Free Premium NordVPN" can experience system infections, serious privacy issues, financial losses, and identity theft.

If you suspect that your device is already infected – immediately run a full system scan with an antivirus and eliminate all detected threats.

Threat Summary:
Name "1 Year Free Premium NordVPN" scam website
Threat Type Phishing, Scam, Social Engineering, Fraud.
Fake Claim Users can receive a free 1 year VPN subscription for completing a survey.
Disguise NordVPN
Related Domains nord.digitalexposure[.]icu
Detection Names alphaMountain.ai (Suspicious), Forcepoint ThreatSeeker (Suspicious), Full List Of Detections (VirusTotal)
Serving IP Address 104.21.54.232
Symptoms Malware is designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine.
Distribution methods Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage Stolen passwords and banking information, identity theft, the victim's computer added to a botnet.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.

Download Combo Cleaner

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Similar scam examples

We have investigated countless online scams; "Verify You Are A Human (CAPTCHA)", "Something Went Wrong While Displaying This Webpage", "Word Online Extension Is Not Installed", and "Please Install The Root Certificate" are a few of our articles on ClickFix scams.

The Internet is rife with deceptive and dangerous content. Scams use various lures and function in different ways, yet the end goal is the same – to generate revenue at victims' expense. Cyber criminals may profit by proliferating malware, promoting content, selling/abusing sensitive information, and by obtaining funds through deception.

Due to how prevalent scams are on the Web and how well-made they can be – we highly recommend vigilance when browsing.

How did I open a scam website?

"1 Year Free Premium NordVPN" scam has been endorsed via social media spam, specifically – X (more often referred to by its former name – Twitter). However, different endorsement techniques are not unlikely.

In general, online scams are most commonly promoted through websites utilizing rogue advertising networks (redirects), malvertising (intrusive advertisements), spam (e.g., emails, PMs/DMs, social media posts, browser notifications, SMSes, robocalls/ cold calls, etc.), typosquatting (misspelled URLs), and adware (ads/redirects).

How to avoid visiting scam websites?

Caution is essential to ensuring online safety. Therefore, be wary of websites, advertisements, and messages that warn of severe issues or make unbelievable promises. Pay attention to URLs and type them carefully. Do not use sites offering pirated programs/media or other dubious services (e.g., illegal streaming/downloading, Torrenting, etc.), as these webpages typically utilize rogue advertising networks.

Do not enable suspect pages to deliver browser notifications; ignore or block their notification requests. Be vigilant with incoming emails and other messages; do not open attachments or links found in suspicious mail.

Download only from official/verified sources and be attentive when installing (e.g., study terms and options, use "Custom/Advanced" settings, and opt out of additional applications, extensions, tools, features, etc.) – to prevent bundled/hazardous software from infiltrating the system.

If you believe that your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated threats.

Appearance of the "1 Year Free Premium NordVPN" scam (GIF):

1 Year Free Premium NordVPN scam appearance (GIF)

Screenshot of an X post (Tweet) promoting the "1 Year Free Premium NordVPN" scam:

1 Year Free Premium NordVPN scam promoted on Twitter

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

DOWNLOAD Combo Cleaner

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

How to remove malware manually?

Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Combo Cleaner Antivirus for Windows.

If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:

Malware process running in the Task Manager

If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:

manual malware removal step 1Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:

Autoruns application appearance

manual malware removal step 2Restart your computer into Safe Mode:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Run Windows 7 or Windows XP in Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup.

Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings".

Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Run Windows 8 in Safe Mode with Networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options".

In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.

Run Windows 10 in Safe Mode with Networking

Video showing how to start Windows 10 in "Safe Mode with Networking":

manual malware removal step 3Extract the downloaded archive and run the Autoruns.exe file.

Extract Autoruns.zip archive and run Autoruns.exe application

manual malware removal step 4In the Autoruns application, click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.

Refresh Autoruns application results

manual malware removal step 5Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.

You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".

Delete malware in Autoruns

After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.

Search for malware and delete it

Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs.

These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software. To be sure your computer is free of malware infections, we recommend scanning it with Combo Cleaner Antivirus for Windows.

Frequently Asked Questions (FAQ)

What is an online scam?

An online scam is a type of content hosted on the Web that aims to trick users into performing specific actions. For example, victims may be enticed into downloading/installing malware, calling fake support lines, purchasing products, subscribing to services, making monetary transactions, disclosing vulnerable information, and so on.

What is the purpose of online scams?

Online scams are intended to generate revenue for scammers. Profit is primarily made by distributing malware, endorsing content (e.g., sites, software, products, services, etc.), selling/abusing private data, and acquiring funds through deception.

Why do I encounter online scams?

Online scams are predominantly promoted via webpages employing rogue advertising networks, intrusive ads, spam (e.g., emails, PMs/DMs, browser notifications, social media posts, etc.), misspelled URLs, and adware.

Will Combo Cleaner protect me from online scams and the malware they proliferate?

Combo Cleaner can scan visited websites and detect rogue, scam, and malicious pages. It can also restrict all further access to such sites. Combo Cleaner can likewise detect and eliminate most of the known malware infections. Remember that performing a complete system scan is paramount since sophisticated malware usually hides deep within systems.

Share:

facebook
X (Twitter)
linkedin
copy link
Tomas Meskauskas

Tomas Meskauskas

Expert security researcher, professional malware analyst

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats.

▼ Show Discussion

PCrisk security portal is brought by a company RCS LT.

Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Donate