What is NordVPN scam, phishing, and malware protection?

Introduction

In this article, you will learn about the NordVPN Scam, phishing, and malware protection features, what they do, how they differ, and which devices support them. You will also find a breakdown of all three features that make up Scam, phishing, and malware protection, and how nexos.ai powers its detection capabilities.

NOTE: Previously known as "Threat Protection Pro™," it is now called Scam, phishing, and malware protection. "Threat Protection" is now called Scam and phishing protection. You may still see the old names in some parts of the app while the update rolls out.

Scam, phishing, and malware protection

Scam, phishing, and malware protection is a NordVPN security feature that guards you against a wide range of online threats - without requiring an active VPN connection. It automatically blocks ads, trackers, and malicious URLs, warns you about fraudulent or scam websites with an in-browser alert, scans your downloads for malware, checks your installed apps for security vulnerabilities, and lets you review and manage any quarantined files. Its detection capabilities are powered in part by nexos.ai, NordVPN's AI partner.

The three main parts that protect you from malicious activities are:

Anti-malware - Scans files for malware upon download, detects double-extension threats, checks apps for vulnerabilities (Windows), and quarantines or auto-deletes malicious files.
Advanced browsing protection - Blocks malicious websites, displays scam and fraud alerts, detects hijacked session attempts, provides search result safety indicators, offers email protection, and checks crypto wallet addresses.
Ad and tracker blocker - Blocks ads, blocks trackers, and cleans URLs of tracking parameters.

Scam and phishing protection

Scam and phishing protection is a DNS-based security feature that blocks ads, trackers, and unsafe domains while you are connected to a NordVPN server. Unlike Scam, phishing, and malware protection, it requires an active VPN connection to function and does not include file scanning, quarantine, or app vulnerability checks. (Unless you are using it on Mobile phones. Then you can use it without having an active VPN connection. )

What is the difference between Scam, phishing, and malware protection, and Scam and phishing protection?

The two features serve overlapping but distinct purposes. Here is a summary of the key differences:

	Scam, phishing, and malware protection	Scam and phishing protection
VPN connection required?	No	Yes
Ad and tracker blocking?	Yes	Yes
Malicious URL blocking?	Yes (real-time, in-browser)	Yes (DNS-based)
File scanning and quarantine?	Yes	No
App vulnerability scanner?	Yes (Windows only)	No
Scam and fraud alerts?	Yes	No
nexos.ai-powered detection?	Yes	No

NOTE: Scam and phishing protection uses DNS filtering, which means protection only applies while traffic is routed through a NordVPN server. Scam, phishing, and malware protection operate at the application layer and are always active, regardless of VPN status.

Which devices support each feature?

Scam, phishing, and malware protection are available on:

Windows 10 (64-bit) and Windows 11
macOS 12 Monterey and newer - sideloaded app only (not available on the Mac App Store version)

Scam and phishing protection is available on:

macOS
Windows
Android
iOS
Linux
Android TV / Amazon Fire Stick
NordVPN Chrome Extension
NordVPN Firefox Extension
NordVPN Edge Extension

NOTE: Windows and macOS users have access to both features. Android, iOS, Linux, and browser extension users can only use Scam and phishing protection. macOS App Store users do not have access to Scam, phishing, and malware protection - switching to the sideloaded version of the app is required.

What happens when a malicious file is detected?

When Scam, phishing, and malware protection detect a malicious file during a download, it quarantines the file and prompts an in-app notification. From the Protection activity view, you can review the quarantined file and choose one of the following actions:

Keep file - removes the file from quarantine and marks its status as ALLOWED.
Delete file - permanently removes the file from your system and marks its status as DELETED.

Quarantined files are automatically deleted after 30 days. If the Auto-delete malicious files toggle is enabled in Advanced settings, files are deleted immediately without being placed in quarantine, and the in-app notification is suppressed.

What is nexos.ai, and how does it relate to this feature?

nexos.ai is NordVPN's AI partner whose technology powers key detection elements within Scam, phishing, and malware protection. This co-branding reflects the integration of AI-driven threat intelligence into the feature's scanning and alerting capabilities.

Additional tips

Learn how to enable Scam, phishing, and malware protection on macOS.
Read our guide on the Anti-malware scanner and file quarantine.
Find out how to resolve Scam, phishing, and malware protection issues on macOS.
Learn how to switch from the Mac App Store version of NordVPN to the sideloaded version.

Was this article helpful?

Still having issues?

Live chat

Contact our support to solve an issue live.
Email form

Fill out an email form so we can help you with an issue.

Email us

Our Support team will get back to you within 24 hours. We’ll reply to the email address you provide.

Attach a file (Optional)

Supported formats: JPEG, PNG.

We couldn’t process your form. Please try again or come back later.

By clicking “Submit”, you agree to our Terms of Service and acknowledge our Privacy Policy.

Thank you! We've got your message and will get back to you within 24 hours.

By clicking “Chat with support”, you agree to our Terms of Service and acknowledge our Privacy Policy. Chat functionality relies on cookies. By starting the chat, you agree to their use. Learn more in our Cookie Policy.

{ "chatTitle": "NordVPN Support", "chatCustomText": { "actionPaymentCompleted": "Payment Completed", "actionPaymentError": "An error occurred while processing the card. Please try again or use a different card.", "actionPostbackError": "An error occurred while processing your action. Please try again.", "clickToRetry": "Message not delivered. Click to retry.", "clickToRetryForm": "Form not submitted. Click anywhere on the form to retry.", "connectNotificationText": "Sync your conversation and continue messaging us through your favorite app.", "connectNotificationSingleText": "Be notified when you get a reply.", "conversationListHeaderText": "My conversations", "conversationListRelativeTimeJustNow": "Just now", "conversationListRelativeTimeMinute": "1 minute ago", "conversationListRelativeTimeMinutes": "{value} minutes ago", "conversationListRelativeTimeHour": "1 hour ago", "conversationListRelativeTimeHours": "{value} hours ago", "conversationListRelativeTimeYesterday": "Yesterday", "conversationListTimestampFormat": "MM/DD/YY", "conversationListPreviewAnonymousText": "Someone", "conversationListPreviewCarouselText": "{user} sent a message", "conversationListPreviewFileText": "{user} sent a file", "conversationListPreviewFormText": "{user} sent a form", "conversationListPreviewFormResponseText": "{user} filled a form", "conversationListPreviewImageText": "{user} sent an image", "conversationListPreviewLocationRequestText": "{user} sent a location request", "conversationListPreviewUserText": "You", "conversationTimestampHeaderFormat": "MMMM D, h:mm A", "couldNotConnect": "Offline. You will not receive messages.", "couldNotConnectRetry": "Reconnecting...", "couldNotConnectRetrySuccess": "You're back online!", "couldNotLoadConversations": "Couldn't load conversations.", "emailChangeAddress": "Change my email", "emailDescription": "To be notified by email when you get a reply, enter your email address.", "emailFieldLabel": "Email", "emailFieldPlaceholder": "Your email address", "emailFormButton": "Submit", "emailLinkingErrorMessage": "Please submit a valid email address.", "errorPrefix": "Error:", "fetchHistory": "Load more", "fetchingHistory": "Retrieving history...", "fileTooLargeError": "Max file size limit exceeded ({size})", "fileTypeError": "Unsupported file type.", "formErrorEntryRequired": "This entry is required", "formErrorInvalidEmail": "Email is invalid", "formErrorNoLongerThan": "Must contain no more than ({characters}) characters", "formErrorNoShorterThan": "Must contain at least ({characters}) characters", "formErrorUnknown": "This doesn't look quite right", "formFieldSelectPlaceholderFallback": "Choose one...", "frontendEmailChannelDescription": "To talk to us using email just send a message to our email address and we'll reply shortly:", "headerText": "How can we help?", "imageClickToReload": "Click to reload image.", "imageClickToView": "Click to view {size} image.", "imagePreviewNotAvailable": "Preview not available.", "inputPlaceholder": "Type a message...", "inputPlaceholderBlocked": "Complete the form above...", "introAppText": "Message us below or from your favorite app.", "lineChannelDescription": "To talk to us using LINE, scan this QR code using the LINE app and send us a message.", "linkError": "An error occurred when attempting to generate a link for this channel. Please try again.", "linkChannelPageHeader": "Sync your conversation", "locationNotSupported": "Your browser does not support location services or it's been disabled. Please type your location instead.", "locationSecurityRestriction": "This website cannot access your location. Please type your location instead.", "locationSendingFailed": "Could not send location", "locationServicesDenied": "This website cannot access your location. Allow access in your settings or type your location instead.", "messageError": "An error occured while sending your message. Please try again.", "messageIndicatorTitlePlural": "({count}) New messages", "messageIndicatorTitleSingular": "({count}) New message", "messageRelativeTimeDay": "{value}d ago", "messageRelativeTimeHour": "{value}h ago", "messageRelativeTimeJustNow": "Just now", "messageRelativeTimeMinute": "{value}m ago", "messageTimestampFormat": "h:mm A", "messageDelivered": "Delivered", "messageSeen": "Seen", "messageSending": "Sending...", "messageTooLongError": "Max message size limit exceeded ({size}).", "messengerChannelDescription": "Connect your Facebook Messenger account to be notified when you get a reply and continue the conversation on Facebook Messenger.", "newConversationButtonText": "New Conversation", "notificationSettingsChannelsDescription": "Sync this conversation by connecting to your favorite messaging app to continue the conversation your way.", "notificationSettingsChannelsTitle": "Other Channels", "notificationSettingsConnected": "Connected", "notificationSettingsConnectedAs": "Connected as {username}", "prechatCaptureGreetingText": "Hi there 👋\nTo start off, we'd like to know a little bit more about you:", "prechatCaptureNameLabel": "Your name", "prechatCaptureNamePlaceholder": "Type your name...", "prechatCaptureEmailLabel": "Email", "prechatCaptureEmailPlaceholder": "name@company.com", "prechatCaptureConfirmationText": "Hi there! I’m the Nordbot AI here to assist you. How can I help you today?", "prechatCaptureMailgunLinkingConfirmation": "You'll be notified here and by email at {email} once we reply.", "sendButtonText": "Send", "settingsHeaderText": "Settings", "shareLocation": "Location", "smsBadRequestError": "We were unable to communicate with this number. Try again or use a different one.", "smsCancel": "Cancel", "smsChangeNumber": "Change my number", "smsChannelDescription": "Connect your SMS number to be notified when you get a reply and continue the conversation over SMS.", "smsChannelPendingDescription": "Check your messages at {number} to confirm your phone number.", "smsContinue": "Send", "smsInvalidNumberError": "Please submit a valid phone number.", "smsLinkCancelled": "Link to {appUserNumber} was cancelled.", "smsLinkPending": "Pending", "smsPingChannelError": "There was an error sending a message to your number.", "smsSendText": "Send me a text", "smsStartTexting": "Start Texting", "smsTooManyRequestsError": "A connection for that number was requested recently. Please try again in {minutes} minutes.", "smsTooManyRequestsOneMinuteError": "A connection for that number was requested recently. Please try again in 1 minute.", "smsUnhandledError": "Something went wrong. Please try again.", "syncConversation": "Sync conversation", "tapToRetry": "Message not delivered. Tap to retry.", "tapToRetryForm": "Form not submitted. Tap anywhere on the form to retry.", "telegramChannelDescription": "Connect your Telegram account to be notified when you get a reply and continue the conversation on Telegram", "unsupportedMessageType": "Unsupported message type.", "unsupportedActionType": "Unsupported action type.", "uploadDocument": "File", "uploadInvalidError": "Invalid file.", "uploadPhoto": "Image", "uploadVirusError": "A virus was detected in your file and it has been rejected", "viberChannelDescription": "Connect your Viber account to be notified when you get a reply and continue the conversation on Viber. To get started, scan the QR code using the Viber app.", "viberChannelDescriptionMobile": "Connect your Viber account to be notified when you get a reply and continue the conversation on Viber. To get started, install the Viber app and tap Connect.", "viberQRCodeError": "An error occurred while fetching your Viber QR code. Please try again.", "wechatChannelDescription": "Connect your WeChat account to be notified when you get a reply and continue the conversation on WeChat. To get started, scan this QR code using the WeChat app.", "wechatChannelDescriptionMobile": "Connect your WeChat account to be notified when you get a reply and continue the conversation on WeChat. To get started, save this QR code image and upload it QR code scanner.", "wechatQRCodeError": "An error occurred while fetching your WeChat QR code. Please try again.", "whatsappChannelDescriptionDesktop": "Sync your account to WhatsApp by scanning the QR code or clicking the link below.\nThen", "whatsappChannelDescriptionMobile": "Sync your account to WhatsApp by clicking the link below.\nThen", "whatsappLinkingError": "An error occurred while fetching your WhatsApp linking information. Please try again." }, "chatCustomScreenReaderAnnouncement": { "supportTyping": "{author} is typing", "supportSays": "{author} says:", "sentImage": "{author} sent an image", "sentFile": "{author} sent a file", "sentCarousel": "{author} sent a carousel", "sentLocation": "{author} sent a location" } }