Top 8 VPN Scams (How to Protect Yourself)
With hundreds of VPN providers on the market, you have to wonder – how do you know which ones are legit anymore? It seems like new ones pop up every day, and the odds of them being VPN scams are pretty big.
That’s exactly why we put together this 12-minute article – to tell you which scams you need to watch out for, answer related questions, and offer you helpful tips.
What Are the Most Common VPN Scams?
There are quite a lot of them, unfortunately. We went ahead and researched the most common things people looking to use a VPN complained about and called scams. After all that, we came up with this list of the eight most common VPN scams:
1. Third-Party Sellers
A third-party seller is a website that tries to convince you to buy a VPN subscription through it, or an independent merchant who sells VPN subscriptions on platforms like eBay.
The problem is obvious – it’s hard to tell if the subscriptions are legit, or if the VPN provider endorses this. Take this offer for example – it claims you can buy a three-year NordVPN account for just $12. If the link takes you to a different offer, the scammer probably changed the initial one, so we took a screenshot to be safe.
Here’s why that’s very likely a scam:
- A three-year NordVPN subscription costs about $3.52/month billed at $126.86 per year. That’s the pricing displayed to us when we access the pricing page right now. That offer claims you can save over $100 by just paying $12 once.
- The seller had an offer for five-year accounts too. That’s pretty weird considering NordVPN has three-year subscriptions max, not five-year ones.
- The item description claims you’ll get a NordVPN “Premium” account. Well, there are no “premium” accounts with NordVPN, just regular NordVPN accounts.
- If you check the “See all” link to the item description, you’ll get a text that screams “I’m a scam!”
We actually reached out to NordVPN to ask them about this, and their customer reps were friendly enough to answer our questions.
According to them, offers like that are likely for stolen accounts. If you buy one, you might get scammed, or you might be able to use it if it has an active subscription. But that won’t last long because stolen accounts get terminated fast.
Of course, not all third-party sellers are scams. Some websites might have permission from the VPN provider to sell subscriptions through their platform. Providers will normally mention that on their blogs or in their newsletters, or you can just ask them if you have doubts. Though, we still recommend getting your subscription through the VPN’s official website.
2. Lifetime Subscriptions
Like the name implies, a lifetime subscription means you pay a price one time (like $50-$100 or less) and get a VPN for life. The VPN provider either sells the lifetime account through their website, or they let third parties sell it for them.
Sounds too good to be true?
That’s because it usually is. If a VPN service constantly offers lifetime account deals, you’re looking at an unsustainable business model. Running a VPN isn’t cheap, after all – just renting a good 1Gbps server will usually cost over $1,000 per month. Not to mention they need to pay their staff too.
Basically, with lifetime accounts, they won’t have any recurring revenue to rely on in the future.
Plus, some VPNs use lifetime accounts to make a quick buck, and then they close up shop. That happened with DissembleVPN apparently. They offered lifetime accounts for only $13 – non-refundable, of course. After raking in enough dough, they shut down the company, probably moving on to the next scam on their list.
And when the people who run lifetime VPN scams don’t run away with your money, they instead revoke your “lifetime” privilege. That’s exactly what happened to VPNLand users. They paid for a lifetime account, and the provider converted them to premium subscriptions with recurring invoices after two years.
According to this Reddit user, VPNLand’s argument for doing that was that the subscription was bought through a third party, not them.
And it gets better – well, not for VPNLand customers. Another user in the thread said VPNLand got back to them regarding their complaint. The provider managed to justify their actions with a loophole that would make even the most heartless lawyers proud:
“Just fyi. A ‘lifetime’ account does not mean it will be valid till someone dies. It could be anyones lifespan – such as a cat, or lifespan of a hardware.”
Truly amazing stuff.
PLEASE NOTE – There are exceptions when it comes to lifetime subscriptions. Not every one of them is a scam. Some providers might actually offer them for a limited time period when they launch their service, a new feature, or paid subscriptions, or when they want to promote their brand and increase their client base.
Windscribe did that for example, and the service is legit. They also have an article on their blog explaining how such an offer benefits providers.
3. Dead VPNs
These are discontinued VPN services whose websites continue to operate. Basically, the service no longer works, but you can still buy it.
EarthVPN is a good example. The service is officially shut down, but the website is still running. All the marketing copy is there, and the checkout process works. You can still find online deals for a subscription if you google them, and some review sites still have active links to EarthVPN’s subscriptions.
However, according to customer reviews, the servers don’t work anymore, and nobody is answering support tickets. So there’s a good chance the service shut down silently.
Well, if money keeps rolling in, why stop that by coming clean?
If you fall for a dead VPN and buy a subscription, you can say goodbye to that money. You won’t get any VPN service, and there’s nobody there to process your refund requests. Plus, an unsecured website will have your payment details.
4. Fake VPNs
These are made-up VPNs – so “services” claiming to offer VPN functionality which, in reality, don’t work at all. Sometimes, they don’t even exist.
Usually, scammers use phishing attacks and stolen databases to promote fake VPNs. MySafeVPN is a good example. The scammers claimed the “VPN” was associated with big names like Plex and Boxee to gain the trust of the people they emailed.
MySafeVPN eventually disappeared from the web when Vice started investigating it – but not without getting away with some money first.
Here’s another example of a made-up VPN – Mobile protection :Clean & Security VPN. The typos aren’t from us. That’s how the scammer named the fake service.
And it was definitely a fake VPN. There was no company behind it – just an independent dev. The app also had a vague description that reeks of made-up stuff – features like “scan for duplicate name” or “Device Analyze” that don’t really mean anything.
Apple eventually deleted the fake VPN, but not before it managed to make around $80,000. It managed that thanks to a free trial offer that required Touch ID authentication, and fine print that said you’ll pay $99 for a seven-day subscription.
Yeah, clearly normal VPN pricing for such a “real” service.
5. Malicious VPNs
Some VPN scams make money off of you in more subtle ways – by using malware, to be precise. The devs don’t take your money and run, but they expose you to ads, and steal sensitive data from you.
And that happens quite often. In fact, according to research, 38% of Android VPN apps contain malware. It’s not exactly ransomware, but the kind of malware that will still expose you to ads (potentially malicious) and spy on you.
What’s more, another security researcher found that four very popular Android VPN apps (with a total of 500+ million downloads together) contained adware.
We did a bit of digging of our own. We heard from VPN users that VPN Proxy Master has malicious behavior too. So, we downloaded the installation files for their Windows Beta client, and used VirusTotal to scan them. Here’s the link to the results we got.
Just one malicious file detected, but that’s still concerning. Googling the file’s name reveals it can be a kind of Trojan or another virus that freezes computers, spams desktops with pop-up ads, and exhausts computer resources.
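As an added example (not from the original article and not VirusTotal’s own code), here’s one way to triage a scan like the one above: hash every file in an unpacked installer folder and read the engine counts for each one. The sample files, the reports, and the review/flagged thresholds are constructed assumptions; the counts are shaped like the last_analysis_stats field of a VirusTotal v3 file report.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed thresholds (not from the article): 1-2 engines means manual review,
# 3 or more means treat the file as flagged.
REVIEW_MAX = 2

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(install_dir, reports):
    """Return (file, verdict, hits, engines) for every file under install_dir.

    reports maps sha256 -> per-file engine counts, shaped like the
    last_analysis_stats object of a VirusTotal v3 file report.
    """
    rows = []
    root = Path(install_dir)
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        stats = reports.get(sha256_file(p))
        if stats is None:
            # No report is not a clean result: the file was never analysed.
            rows.append((p.relative_to(root).as_posix(), "unknown", None, 0))
            continue
        hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
        engines = hits + stats.get("undetected", 0) + stats.get("harmless", 0)
        verdict = "clean" if hits == 0 else "review" if hits <= REVIEW_MAX else "flagged"
        rows.append((p.relative_to(root).as_posix(), verdict, hits, engines))
    return rows

def demo():
    """Constructed sample: three dummy files and two made-up reports."""
    files = {"client.exe": b"constructed main binary",
             "helper.dll": b"constructed helper library",
             "updater.exe": b"constructed updater"}
    digest = lambda name: hashlib.sha256(files[name]).hexdigest()
    reports = {
        digest("client.exe"): {"malicious": 0, "suspicious": 0, "undetected": 68, "harmless": 0},
        digest("helper.dll"): {"malicious": 1, "suspicious": 0, "undetected": 67, "harmless": 0},
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            (Path(d) / name).write_bytes(data)
        return triage(d, reports)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A file with no report comes back as unknown rather than clean, and a single-engine hit lands in review instead of being waved through.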
6. Free VPN Scams
When free VPNs aren’t exposing you to malware, they are harming your privacy in other ways. After all, how can a VPN truly be completely “free”? The service has to make money somehow to support its network of servers and their staff.
And they do make money. It’s just that you become the product in the end, not the VPN. Here’s what can happen if you fall for free VPN scams:
- The service could sell your bandwidth, basically adding your computer to a botnet.
- The VPNs can use tracking libraries to monitor your usage and data, and sell all that information to advertisers.
- The VPNs won’t properly encrypt your data to protect your privacy – either because the devs didn’t configure the service well, or because the VPN doesn’t use encryption to begin with.
- The service will spam you with annoying ads (which might or might not be malicious), or redirect your browser to eCommerce websites which are partnered with the VPN provider.
Like lifetime VPN scams, though, there are exceptions to this rule too. Not all free VPNs are scammy, shady, or malicious. Some are actually pretty decent services, and their business model works because they offer an optional paid service. If you need help finding a free VPN you can trust, check out our guide.
7. Fake Claims
By fake claims, we’re referring to VPN providers that use marketing copy to boast that they have the “fastest speeds” or that they “don’t keep any logs.” However, in reality, they don’t offer any of those perks.
Okay, so it’s not exactly a full-on scam, but this isn’t harmless false advertising either. Sure, you might get your money back in the end, but the VPN provider will still waste your time and damage your trust in VPN services in general.
Here’s a quick breakdown of the kinds of exaggerated claims you might see when dealing with VPN scams:
- Complete anonymity – There really is no such thing as “being anonymous” on the Internet. A VPN can help you better protect your privacy, yes, but it won’t stop websites from tracking you with cookies or your ISP from knowing personally identifiable information about you. A VPN provider that keeps spamming you with mentions of “anonymity” when trying to sell you their services is a red flag because they’re likely trying to make up for their poor service.
- Fastest servers – If you see stuff like “fastest VPN in the world,” you’ll be looking at a marketing scam. VPN speeds vary depending on numerous factors (encryption, server distance, your CPU, etc.). In fact, if you use a speed test (like Fast.com or SpeedTest), you’ll see that many of the providers who make claims like that offer mediocre speeds.
8. Fake Reviews
We also consider these to be VPN scams since fake ratings actively mislead consumers, making them pay for a fake VPN service or a VPN infected with malware. Or just simply a bad service.
And fake reviews on app stores are a real thing, and it’s really not a secret.
Even the fake Mobile protection :Clean & Security VPN app had a lot of positive reviews that just looked fake.
But there’s more. According to research, Yoga VPN has six dangerous permissions that violate your privacy. Yet, its Google Play page is full of positive reviews. Check out VPNVast too. Tons of shady 5-star ratings, and a few 1-star ratings calling it a scam buried beneath them.
The truth is that VPN scammers (or any scammers, really) have an easy time faking reviews – especially on app stores. Here’s what they can do:
- Use a VPN or proxy to hide their IP address, a virtual machine to change their OS on the spot, and a burner email address (like GuerrillaMail) or privacy-focused email service (like ProtonMail) to spam the app with good ratings.
- Use a service like MobiASO which offers fake reviews for money. Their plans include 5-star reviews alongside normal reviews.
- Hire freelancers on platforms like UpWork or Freelancer to write and/or give fake reviews.
Are Yearly VPN Subscriptions a Scam?
Alright, so we saw people on Reddit and in the comment sections of VPN review sites say that yearly subscriptions are also VPN scams. They base that on the fact that the provider advertises a low price per month (like $3-$5) but charges you for the whole year (so $36-$60 in this case).
So here’s the deal – these kinds of subscriptions and sales copy are not scams. They are perfectly normal, and are just plain old marketing.
Pretty much all industries do that, and it’s usually an effective sales tactic. You’re more likely to buy the service since you feel like you’re getting a great deal, and you don’t need to worry about monthly payments.
Really, the only way this would feel like a scam is if the provider uses false advertising. For example, they advertise their prices everywhere as just $3 per month with absolutely no mention of yearly subscriptions or payments. And you only find out about that total payment you need to make each year when you’re right at the checkout.
But even then, it’s not exactly a scam. Just weak marketing and branding.
Are Crypto-Backed VPNs a Scam?
Not exactly. Decentralized VPNs and VPN-focused crypto projects are actually a thing right now. Here are the main projects to keep an eye on at the moment:
- Tachyon – A decentralized Internet protocol that supports decentralized VPNs. Tachyon VPN now has a relatively decent number of public servers (40+), but just one macOS app that’s still in the Alpha stage.
- Orchid – A decentralized VPN with a working app on Android, and an iOS client being tested right now. It’s open-source, has third-party audits, and supports OpenVPN connections.
- Lethean – Another decentralized VPN that offers VPN plugins for browsers or a wallet app which lets users use Lethean cryptocurrency to pay for VPN services.
Right now, we’d say that Orchid seems the most promising since it has a working app (though, reviews are mixed). Tachyon still needs to work on the client, and Lethean has slow development because it had no ICO (which doesn’t mean it’s a bad service – it just requires patience).
But are services like these VPN scams?
Well, these ones don’t seem to be. But it’s really hard to say when it comes to cryptocurrencies.
That’s because there’s a lot of market manipulation going on behind the scenes, and the devs don’t always have control over that. If people who bought a very large share of tokens during the ICO/Private sale start selling them in huge quantities, the project will take a hit because the value of the coin will drop.
For example, if you check Orchid’s token (OXT) on CoinMarketCap, you can see it started going up in December 2019 around the time the devs announced Orchid’s launch. Towards the end of the month, the token lost over half of its value (from around $0.70 to $0.30). That’s the kind of drop that can cause people to generally give up on crypto-backed projects if they’re only in it for the money.
That wasn’t the case with Orchid luckily, and they still seem to be going strong, so that’s good to see.
But in the end, as long as people treat cryptocurrencies like get-rich-quick schemes, it’ll be hard to see crypto-backed services as a long-term deal.
We’re not saying decentralized VPNs are definitely a scam, but the risk is big so make sure you do your research before spending any money or trusting a random company to protect your privacy. Otherwise, you might get burned.
How to Avoid VPN Scams
The good news is that avoiding VPN scams isn’t really rocket science. It’s enough to not make rash decisions, and follow tips like these:
- If the VPN website is unsecured (uses HTTP instead of HTTPS), don’t bother with it. It won’t secure your payments.
- Avoid third-party sales. You should only trust affiliate links, not direct sales. Ideally, you should always buy subscriptions from the VPN provider.
- Don’t rely only on app store ratings. Check websites like TrustPilot, Reddit, Twitter, and VPN review sites.
- Stay away from VPNs with obvious spelling mistakes – like Mobile protection :Clean & Security VPN’s award-winning “Instantly use full of smart anti-virus” marketing copy.
- Use VPNs that keep zero logs. Also, avoid VPNs whose Privacy Policies don’t add up with their marketing copy (like saying they keep connection logs when their landing pages say the service has no logs).
- Avoid lifetime subscriptions.
- Pick paid VPNs over free ones. Or only use free VPNs that also have a paid option.
- Stay away from VPNs that require too much personal information (like your phone number).
- Test the VPN installation files or download URLs for malware with VirusTotal. Also, secure your device with antivirus protection.
- Use Stanford’s Anti-Phishing Browser Extensions and/or a password manager to receive alerts when you land on a shady phishing website that pretends to be a VPN service.
- If you’re getting a lesser known VPN, make sure the service is actually still running before buying it. Googling that or looking up the service on Reddit should help. Or just contact their support team to see how long it takes them to respond (if they respond at all).
- And lastly – if it sounds too good to be true, it’s because it is.
And if you need some recommendations about safe VPNs, try out ExpressVPN, NordVPN, CyberGhost, or ProtonVPN. If you need more in-depth information, check out our guide on the best VPN services for this year.
Alright, so there is a chance you might deal with VPN scams nowadays. And since the VPN market is booming, more and more services will pop up in the future. And scammers will likely try to take advantage of the high demand for VPNs to make a quick buck.
But if you don’t let star ratings, ads, and pushy sales messages influence you, you’ve got a pretty good chance of keeping your money and sanity safe.
What other VPN scams have you heard of? Share your thoughts with us, and tell us what else people should do to avoid them.