Researchers at NordVPN and TechRadar say three sprawling fraud operations are targeting internet users through a mix of outdated web software, cryptocurrency deception and counterfeit online stores. The findings matter because they show how modern cybercrime often depends less on sophisticated code than on neglected systems, borrowed trust and carefully engineered pressure.
At the center of the first campaign is FCKeditor, a once-common browser-based text editor still embedded in many older websites. According to the report, attackers have used a long-known flaw in the software to compromise more than 1,300 domains, then turn reputable sites into delivery channels for malware, phishing pages and fraudulent retail links.
Old software remains a live security risk
FCKeditor belongs to an earlier era of the web, when content management systems and admin portals often relied on plug-in components that were easy to install and easy to forget. That is the enduring problem with legacy software: once it falls out of maintenance, it does not simply disappear. It stays on university, government and corporate sites for years, sometimes buried in neglected sections of larger systems, where it becomes a stable entry point for attackers.
The flaw cited here, CVE-2009-2265, has been public for a long time. That does not make it harmless. In practice, old vulnerabilities can be especially valuable to criminal groups because many defenders assume the danger has passed, while under-resourced organizations may not even realize the component is still present. When a trusted institutional website is compromised, the fraud gains a powerful advantage: visitors are more likely to click, download or believe what they see.
Trust, not just malware, is the main target
The second campaign shows how little technical complexity is needed when social engineering is strong. Victims receive a message claiming a large bitcoin deposit has been made to a newly created wallet. They are handed login details, shown funds on a counterfeit exchange or wallet page, and then pushed to pay fees or taxes to unlock the money. The trick is old in structure and modern in presentation: create excitement, add just enough plausibility, then put a small payment between the victim and a much larger imagined reward.
That pattern speaks to a broader reality of digital fraud. Criminals do not need people to understand cryptocurrency; confusion can work in their favor. Terms such as gas fees, wallet access and exchange verification sound technical enough to discourage scrutiny, especially when paired with the promise of sudden wealth. The scam succeeds by blending aspiration with urgency.
Fraud at industrial scale
The third operation, involving more than 800 fake e-commerce sites, illustrates how online fraud has become highly repeatable. Using common website-building tools such as WordPress, WooCommerce and Elementor, a single actor can spin up large numbers of convincing storefronts, swap branding and product categories, and create the appearance of a legitimate retail business in very little time. Limited-time offers and steep discounts do the rest.
What makes this significant is not only the number of sites, but the method. Cybercrime increasingly works like a production system: templates, shared infrastructure and recycled design elements let criminals run many scams at once while keeping costs low. For consumers, that means visual polish is no longer a reliable signal of legitimacy.
What the findings suggest for institutions and consumers
Together, the campaigns reveal three persistent weaknesses in the digital environment: unpatched legacy systems, misplaced trust in familiar interfaces and the enduring pull of easy money. Institutions with older web infrastructure face a basic but urgent task: identify abandoned components, remove what is no longer needed and monitor public-facing systems for unauthorized changes. The longer obsolete software remains online, the more likely it is to be repurposed by intruders.
For the public, the warning is equally clear. Unexpected crypto windfalls are not windfalls, and unusually cheap online stores deserve suspicion, not haste. The broader lesson is less about any single scam than about how fraud now operates across connected channels. A compromised university page, a fake wallet dashboard and a polished retail site may look unrelated. Behind the scenes, they are often parts of the same economy of deception.
