Fake VPN services are trying to blend in with genuine privacy tools and take advantage of your trust. But you can learn how to tell them apart and not fall into this trap.
Soon after net neutrality was torn down by the FCC, more and more American became interested in finding a workaround to using the Internet safely, without the fear of becoming the next target of online marketing fueled by their browsing habits.
Since every visited webpage, purchased the product and clicked link can be seen by ISPs, no wonder that the popularity of VPN services has significantly increased. Internet users are putting their trust in their virtual private network providers when it comes to privacy and security, in an attempt to prevent companies from collecting, filtering and selling personal data to the highest bidder.
Shady vs legit VPN
Unfortunately, this hasn’t stopped other people from developing fake VPN applications and taking advantage of your trust to do the same thing as the companies we just talked about: gather and sell your online profile to maximize their own profit.
According to a study about the privacy and security risks of 283 VPN apps for Android, it was revealed that 85% of them request permission to access sensitive data like user accounts and text messages, 75% of them use third-party tracking libraries, over 38% of them contain malware, and 18% of them don’t use encryption (although they promise anonymity).
There are a ton of shady VPN apps out there only interested to trick you into buying their products or using their free but malicious services. This is why you should learn how to tell them apart from genuine VPN. Needless to say, you should always employ the services of a trustworthy VPN provider, especially if you’re planning to pay for a long-term subscription.
Red flags of VPN scams
On the other hand, this doesn’t mean that startup VPN companies should be completely ignored. But you will have to be patient, not rush into buying the first VPN that crosses your path and do your research to know exactly what you’re dealing with. When using a particular virtual private network service, be careful about the following red flags:
1. Search results with aggressive ads about VPN services
If you are actively looking for a VPN service, your first impulse might be to run a search on Google (or Bing, DuckDuckGo or another search engine). As you may know, the top results you see on Google are ads, which mean that people pay money to Google Ads just so their banners are shown first.
The same applies to Facebook Ads. This doesn’t necessarily mean that their VPN is actually good, only that their makers are willing to pay more to make it look like so. Therefore, when you’re scouting the web for a VPN service, it’s a good idea to ignore ads and just look at the following search results in the list.
2. Search results with the “best VPN” label and paid reviews
When Google doesn’t return search results with the official websites of VPN providers, then it will likely show pages about other websites promoting VPN services. The headlines usually include “best VPN services” or “best free VPN services”, but this is only because most people are attracted by these keywords and don’t bother exploring the matter a little further.
We’re not saying these websites are evil, only that you should be careful of whose opinion to trust. Take into account that there are numerous paid reviews out there whose purpose is to worship a specific product and make sure to not mention anything negative about it. You might see some small “bad” parts about a VPN, but they are presented in such a way that they seem insignificant in the big picture.
If you don’t want to take the time necessary for analyzing the reputation of websites with VPN reviews, then just avoid them for the time being, at least until you can draw your own conclusions. Afterward, when you think you’re ready to buy a specific service, you can read the VPN reviews and compare notes.
3. VPN offers received via email out of the blue
Unfortunately, many websites that send newsletters and daily offers based on email subscriptions are willing to sell your email address to any third-party marketing company. In turn, the marketing company builds a large database of email addresses known to be interested in online shopping, so they further sell this information to other companies, such as VPN developers. This is how you might end up with a VPN offer via email out of the blue one day.
An example of this was MySafeVPN allegedly associated with Plex. In what appeared to be a genuine collaboration between the two, the email shamelessly promoted MySafeVPN and was sent to many computer users. Plex later denied this association, and the company behind MySafeVPN soon disappeared from the online environment.
4. Lacking or poorly maintained news, blogs or social media accounts
It’s incredibly easy to create a website, add pretty pictures, fill it with generic text, then publish it and start selling your product or service using ads. But it takes more effort than that to gain the trust of potential clients, like providing links to testing tools that can be used to personally evaluate the quality of the VPN product.
If you come across a so-called “reliable” VPN service that has no news pages, no blog, no Facebook or Twitter account, then it’s time to look for something else. If these areas do exist, inspect the posting dates to see how recent the pages area and if they get regularly updated with new content. For example, if the VPN service is temporarily unavailable, this should be immediately posted on its blog to let everyone know. Whenever a server breaks down in a certain country, you should be immediately notified in an email or within the application itself.
Also, take a look at comments, reviews, and testimonials made by regular users. To take a step further, you can look at the user profiles too (if possible) to determine whether their feedback is genuine or just another scam.
5. Claims that sound too good to be true
Content writers know they have to create powerful text to attract viewers and clients, and VPN providers make no exception. Sadly, you will come across many VPN websites with a pompous presentation and exaggerated expressions like “the number 1 VPN”, “the best VPN” or “the fastest VPN on the web”.
According to the old saying: if it sounds too good to be true, it probably isn’t. Sadly, there’s no Internet law that can stop companies from making false claims on their websites, which means that you have to depend on their honesty.
6. Lifetime subscriptions – it’s their lifetime, not yours
Another red flag that you definitely want to avoid is the lifetime subscription scam. A one-time, fixed sum of money works with offline software applications but not with online VPN services that need to be continuously updated and maintained by a team of specialists. Lifetime subscriptions are simply not sustainable for VPN providers because it’s too expensive, so never trust a website that claims this.
VPN Land used to offer subscription plans but canceled them after only 1 year of service, without returning money to its users. Besides, there’s nothing that can legally force a company into providing you with a one-time paid service until your account ceases to exist, just because you paid for something called “lifetime”. In fact, the term “lifetime” typically applies to them, not you: until the company is sold or goes bankrupt.
7. No logs policy – 100% anonymity is a myth
Data packets transferred through the secure tunnel of the VPN may be encrypted for the public Internet, but it can be still accessed by the VPN itself. This is why there’s no such thing as 100% online anonymity because it’s impossible to hide your browser activity from absolutely everyone. And this is why most VPN users understand why trust is important in relationship with their VPN service provider.
8. VPN jurisdiction – the physical whereabouts of the VPN company affect your privacy
Where the VPN company is physically situated in the world is strongly connected to the logging policy we just talked about. For example, if the country is part of the 5 Eyes, 9 Eyes or 14 Eyes alliances, it means the company is required by law to hand in any information it has on you to the government if requested.
9. Background check – privacy breaches and data leaks
Don’t just Google search the VPN application but the company, too. If it has a history of leaking user data or breaching user policy, then it’s another red flag worthy of your attention. If you don’t trust the company details displayed on the VPN’s website, turn to online Whois services to find out the organization’s full name and country (useful for determining VPN jurisdiction, too).
Also, you should know that numerous developers build applications overnight (including VPN) for different reasons, like attracting enough visitors to be purchased by other, bigger VPN providers. More often than not, you might find out that the same developer owns two or more VPN services, although they try their best to hide their tracks and not let anyone know about this – it’s just another marketing scheme.
10. Poorly maintained application updates
VPN applications are the type of software products that have to be continuously developed and updated. The team behind it must fix bugs, improve existing features and add new ones to keep up with the competition, open new servers so that users can connect to more IP addresses from additional countries, find ways to beat Netflix VPN bans, and so on. It means that VPN software applications should receive updates often, so you can check this on the company’s website, Play Store or App Store.
11. Poor customer support
Keeping in touch with clients is probably the most important aspect of a business. It’s normal for software applications to experience problems every now and then, especially those that focus on privacy and security like VPN services. What matters is the way the company deals with its problems and how it communicates with its clients.
The policy of a company can be best put to the test through direct lines of communication. Firstly, take note of the number of ways in which you can contact the VPN provider: direct email, open ticket, live chat, and so on. Secondly, choose the fastest method (live chat) and contact customer support to kindly request help on a simple matter, like how to connect to a server from Germany.
Under normal circumstances, you should get a timely, polite and easy-to-understand response. You can also ask about the logging policy, VPN jurisdiction (if the company is obligated by law to turn in logs to the local authorities), and subscription plans. Even if the information is written somewhere on the company’s website, it might be out of date. But if customer support fails in any of these aspects, it might be a sign that you’re better off with another VPN service.
12. Free VPN – nothing is really free
Most people cannot resist free products or services, and VPN makes no exception. If you run a Google search right now, you will probably end up with a long results list of “free VPN” right on top. Although some companies do not charge you money in exchange for their VPN service, don’t be fooled into thinking that it’s actually free. In fact, few reliable products and services are free nowadays.
Since companies need to generate income somehow, they will follow at least one of the following plans: add third-party applications to the VPN’s installer, show you ads during runtime, turn you into a gateway to increase the bandwidth of premium users, and collect data about your online activity to sell to marketing companies – which make them no different from the very ISPs you’re trying to hide your browsing habits from.
For example, Google and Facebook may offer you their services for free, but they get your valuable online profile in return, which can be then used to create personalized ads – the same thing happens with free VPN. On the other hand, don’t confuse free VPN with a free trial or free demo VPN – these services are really trying to prove to you how effective their services are.
13. Premium VPN offered via third-party sales websites
Once again, this is a matter of trust: why should you trust another website with your banking details when you can go straight to the source? The truth about the legal side of things is that, if something happened to your VPN account that you paid for using a third party, it’s possible that the VPN company cannot be held responsible.
However, if it’s impossible to avoid a third-party website, make sure to check that company’s whereabouts. If it’s physically located in a country that legally obligates it to turn in any information it has on you, then you’ll know how the local authorities got hold of your banking and other personal info (VPN jurisdiction).
14. VPN with malware
Companies sometimes include malicious software into their VPN services like spyware and tracking, in order to acquire the activity details of users, then sell them to anyone interested in using this information to create a personalized profile with user habits.
Fortunately, it doesn’t take a security expert to determine whether or not a VPN application includes any forms of malware. Firstly, it should go without saying that your computer and smartphone should always be equipped with a powerful antivirus solution capable of detecting and blocking malware agents in real time (before they hit you).
Secondly, you can use websites like VirusTotal, Jotti, and Metadefender to scan the setup file of VPN apps, in order to identify malware before actually installing software. These sites employ the services of popular antivirus utilities in order to scan files using multiple antimalware engines at the same time.
15. New VPNs with overwhelmingly positive ratings
While navigating the Internet to check other people’s reviews about a particular VPN application so new that it seems to have come out of nowhere, it doesn’t hurt to take those reviews with a grain of salt, especially if the feedback is overwhelmingly positive. Even popular websites that promote user reviews like Google Play or App Store can be flooded with countless fake reviews made by the same persons.
Besides, anyone can use a good VPN service to change their IP address and flood or spam websites. Before the site administrator realizes the truth behind the fake reviews, it’s already done. Instead of trusting ratings, test the VPN tool yourself to know what you’re getting yourself into.
16. Rare or unique IP leak features
All VPN apps share the same essential features. It’s normal to come across a VPN service with multiple modes of encryption and protocols, many IP addresses from many countries to connect to, and so on. Some of these apps go the extra mile and offer features that are not so common, like a killswitch and IP leak protection.
We’re not saying these features don’t work. On the contrary, some of them do their job excellent. But you shouldn’t trust the word of the VPN provider. Instead, you can perform your own tests to see how effective those rare or unique features are. For instance, IP Leak can test your browser for IPv4, IPv6, DNS, WebRTC leaks. Other similar websites are Browser Leaks and DNS Leak Test.
17. Fake server locations
A lot of users are attracted by VPN services that claim to facilitate hundreds of servers from all over the world, including exotic locations. It seems like quantity is preferred over quality, although we don’t think there are many people interested in IP addresses from absolutely every corner of the world unless they are researchers, journalists or whistleblowers.
Although companies disclose the countries covered by their VPN service on the product’s website, the actual IP addresses mostly remain a mystery. This is why it’s important to check and double-check your new IP address when connecting to a server so that you actually connect to the country that was promised by the VPN app. There are tons of websites that can do this, such as CheckMyIP, MyIP, and IP Checker.
18. No refund policy
Not all premium VPN applications offer a free trial or free demos, which means they have to be purchased to be able to install and use their features. This isn’t a bad thing, especially when the services are top quality. On the other hand, it becomes problematic if the company behind it doesn’t come with a money-back guarantee (under certain conditions, of course).
Anyone should be allowed to change their mind, even when it comes to premium VPN. If the website is unclear about the refund policy, don’t hesitate to contact customer support and kindly request a clarification.
The Internet is filled with scammers and this certainly applies to VPN services. But you can protect yourself from fake VPN by not rushing to pay money for the first product that grabs your attention. By recognizing the symptoms of a shady VPN and performing some personal investigation, you can safely make the right choice and get equipped with a genuine virtual private network app that excels in security and speed. Nevertheless, we’d love to know about your experience with scam VPN tools, so feel free to drop us a comment in the section below.