What Are the Risks of Using a VPN?
For years, virtual private networks (VPNs) provided one of the best methods to protect yourself online and hide your data from prying eyes and eavesdropping internet service providers (ISPs).
Unfortunately, scammers and hackers have begun to use our trust of VPNs against us.
Some premium VPN providers still offer legitimate protection; but free, misleading, and fraudulent VPNs are putting millions of Americans at risk.
Of the 39% of Americans that use VPNs, nearly 50% use free services, and two-thirds of those users encounter security problems [*]. For example, in 2022, the FBI issued a warning about a ransomware group specifically targeting users of VPNs with weak security [*].
If you're on the market for a VPN or considering getting one, you need to know what to look for and what to avoid. In this guide, we’ll cover the biggest risks of using a weak VPN, 10 common VPN scams to watch out for, and the best providers to consider in 2023.
Are VPNs a Scam? What You Need To Know
While all VPNs have pros and cons, they provide a unique service: encrypting your data as it moves to and from your device. By connecting you to a secure server, VPNs mask your IP address, hide your online traffic, and protect you from the dangers of public Wi-Fi.
The best VPNs offer you unmatched online privacy; but not every product on the VPN market is equal.
Some VPN providers have questionable data collection and distribution practices, while others blatantly collect and sell your data — offering hardly any privacy at all. Then there are the scam VPN apps that steal your data, infect your device, and put your identity and finances at risk.
Here are some of the major risks of downloading and using a scam VPN.
- Your browsing history could be sold to advertisers (and anyone else). At the very least, a sketchy VPN puts your privacy at risk by keeping logs of your browsing history and selling these to advertisers — defeating the entire purpose of using a VPN.
- Hackers could infect your device with malware. Scammers use fake VPNs to trick you into downloading malware that bombards you with ads or directs you to malicious websites.
- Scammers could spy on you to steal your passwords and personal data. Some scam VPNs come with spyware — malicious programs that can leak your private information and online activity.
- Fraudsters could take over your online and financial accounts. Some scam VPNs target your passwords and login information, giving hackers control of your online, social media, and financial accounts.
- You could end up paying for a useless service. Many VPNs offer inadequate service with little privacy and security or unusable speeds. Scammers may also take over once-trustworthy VPNs that have been discontinued to trick people into paying VPN subscription fees for nothing.
- Bandwidth leeches and DNS leaks. Scam VPNs may make you part of a botnet that allows others to steal from your bandwidth. They might also inadvertently or intentionally leak your Domain Name System (DNS) queries to your internet service provider (ISP).
Note: VPNs cannot protect you from many other online dangers, such as human error, hacked Wi-Fi and devices, and malicious files and websites. For complete protection, most cybersecurity experts now recommend a more comprehensive approach to digital security.
The 10 Latest VPN Scams To Watch Out For
- Free VPNs that sell your personal data
- VPN services that slow down your computer
- Sketchy VPN ads in online videos
- Fake app store reviews, awards, and comments
- VPNs that offer a “lifetime subscription”
- Cheap or “cracked” VPN accounts
- Claims that a VPN “doesn’t log any user data”
- VPNs that charge too much for their service
- Too much personal information is required when signing up
- VPN companies with unsecured websites and other red flags
Learn about some of the latest VPN scams, and prepare yourself.
1. Free VPNs that sell your personal data
You might be tempted by free VPN services, but providers need money to pay developers and keep the infrastructure afloat. In some cases, free VPN providers make their money by tracking and selling your browsing history and personal data [*].
How to tell if a free VPN is a scam:
- See where the company is based. VPN companies based in countries with lax or questionable privacy laws should worry you. A 2020 study found that 20 popular free VPNs had secret Chinese ownership [*].
- Watch out for an increase in ads and pop-ups. If VPN providers sell your information and browsing history to marketers, you could see an uptick in online advertising.
2. VPN services that slow down your computer
Fake or inefficient VPNs may cause major slowdowns to your computer, which can disrupt or stop your streaming and even your basic online activities. Slowdowns may be the result of ads, data limits, inadequate servers, or something malicious like a botnet [*].
How to tell if a VPN will slow down your computer:
- Check the data caps. Many free VPNs have daily or monthly data limits. These limits typically apply to high speed data, which leads to slower speeds once the cap has been reached.
- Verify the number and location of servers. VPN providers may have a limited number or lower quality of servers, which can get overloaded and slow down all users. Servers in other countries can also cause slowdowns.
- Look for an infection. Run an antivirus program to detect and remove malicious files or programs that could slow your computer down, such as adware or a botnet infection.
💡 Related: Does a VPN Protect You From Viruses? →
3. Sketchy VPN ads in online videos
VPN ads are all over the web — typically hosted on websites people use the most, such as streaming sites, gaming sites, and YouTube. Along with fake malware-infected VPN ads, there are also ads for legitimate VPNs filled with problematic claims and unrealistic promises, often backed by popular influencers [*].
How to avoid the risks of VPN ads:
- Understand VPN limitations. VPNs are not a cure-all for online threats. On their own, they do not provide antivirus protection or even total anonymity. For complete protection, you need a combination of digital security tools and good cyber hygiene.
- Avoid clicking on any links. Clicking on links can prove dangerous in general; but VPN ads prey on user anxieties to pressure victims into clicking on malicious links. Even clicking on legitimate referral links only feeds the cycle of unsubstantiated claims made in VPN ads.
4. Fake app store reviews, awards, and comments
Online consumers have to wade through fake reviews no matter where they shop, but VPN reviews and testimonials should be treated with extra caution. In many cases, VPN companies own the tech reviewers, which can impact the coverage and results they get [*].
How to avoid fake VPN reviews:
- Take website reviews with a grain of salt. While you can find fake reviews on the Apple app and Google Play Store, you can also find negative reviews. VPN websites, however, often cleanse their reviews and remove negative remarks.
- Read a mix of positive and negative reviews. No VPN is perfect, so look for a mix of good and bad reviews. The truth may lie somewhere in the middle. You can also lean on reputable tech reviewers with large groups of testers and products.
💡 Related: Do I Need a VPN? 12 Reasons To Start Using One Today →
5. VPNs that offer a “lifetime subscription”
Over the years, many VPN providers have offered lifetime subscriptions, and very few worked out well for consumers. The "lifetime" may refer to a specific service, allowing the provider to end your coverage whenever it decides [*]. The quality of your service may also deplete over time, giving you buyer's remorse thereafter.
How to avoid lifetime subscription scams:
- Read the refund and renewal language. Go through the fine print to learn how the company handles refunds and renewals. To avoid surprises, look for any information about how they manage lifetime subscriptions.
- Choose a reasonable coverage period. Free or heavily discounted VPN services rarely work out. Instead, pick a provider that offers a coverage period with which you're comfortable at a price you're willing to pay.
6. Cheap or “cracked” VPN accounts
Cracked VPN accounts appear authentic on the surface, but they come from stolen or shared VPN accounts. Not just illegal and unethical, cracked accounts put your device and your data at risk.
How to tell if a VPN is a cracked account:
- Avoid unverified and third-party links. Don't trust links for heavily discounted VPNs in forums or shady marketplaces. No cracked VPN provides a service good enough to make up for its risks.
- Ignore resellers. If you want to purchase a VPN, get it directly from the source. While resellers may offer savings, their products can be inferior, unsupported, and unsafe.
💡 Related: How To Shop Online Safely (Without Getting Scammed) →
7. Claims that a VPN “doesn’t log any user data”
Many VPNs claim to have a no-logs policy, but few actually follow through on this. In reality, most VPN providers collect data about their users and their activity in some way. The key here is to avoid data-selling practices or logging of data that can connect back to you — as user logs can leak [*].
How to tell if a VPN has dubious data log policies:
- Understand how the VPN uses data. Find out what the VPN provider uses the data for. If they use it for statistical information, ensure that they anonymize the data to make it unidentifiable.
8. VPNs that charge too much for their service
While most VPN price scams take place on the low end of the price spectrum, extremely high-priced VPNs can also be scams [*]. If a provider charges a large upfront fee, there's no real incentive for them to provide quality service over an extended period of time.
How to tell if a high-cost VPN is a scam:
- Stick within the typical price range. VPNs on their own can only do so much, so the price should be reasonable. Unless it's part of a digital security package, VPN prices should fall between about $5-$15 per month.
- Look for protection terms. Think twice about committing to a VPN that doesn't offer refunds, cancellation or trial periods, and 14- or 30-day money-back guarantees.
💡 Related: What Is a VPN On iPhones (and How Do You Use One)? →
9. Too much personal information is required when signing up
VPN providers should really only need your name and credit card details to process payments and set up your services. Steer clear of services that ask for detailed contact information, such as your phone number and address. This only increases the likelihood of your internet traffic being connected to you.
How to avoid VPN personal information scams:
- Look for alternative payment methods. If you're worried about giving out your credit card details, consider a service with alternative payment methods, such as cryptocurrency or gift cards. These more anonymous methods will keep your identity separate from your account.
10. VPN companies with unsecured websites and other red flags
All VPNs promise extensive online security, but not all carry through on their promises. Some companies put you at risk from the moment you visit the website, while others simply provide insufficient encryption protocols and ciphers.
How to tell if a VPN is secure:
- Check the website's SSL certificate. If a VPN provider can't secure its own site, you can't trust them to secure your traffic. Verify the site has a valid SSL certificate by looking for “HTTPS” (not “HTTP”) in the url.
- Check the encryption techniques. Make sure your VPN uses adequate encryption techniques, such as 128-bit, 192-bit, or 256-bit encryption. You should also double-check that they use proven and secure protocols, such as Hydra, OpenVPN, or WireGuard.
What Popular VPNs Are Safe To Use?
While the risk of VPN scams is only getting worse, there are plenty of providers that still offer protection and privacy at a fair price. Let's look at some popular free and paid VPNs and see if they're safe to use.
Is Aura safe to use?
Yes, Aura is safe to use. Aura is an award-winning, all-in-one identity theft protection solution that offers a military-grade VPN, powerful antivirus software, a secure password manager, Dark Web monitoring, parental controls, and other AI-powered digital security tools to protect you and your family against hackers and scammers. Aura provides 24/7 U.S. based customer support, and is compatible with iOS and Android devices.
Aura has been rated the #1 identity theft protection service by Money.com, USNews.com, TechRadar, Forbes, and more.
Is NordVPN safe to use?
Yes, NordVPN is safe to use. NordVPN features 256-bit AES encryption, split tunneling, and Dark Web monitoring to protect your privacy. The service also offers an automatic kill switch and dedicated user IP addresses [*]. However, NordVPN lacks phone customer support, and not all VPN servers allow torrenting [*].
Is Betternet safe to use?
Yes, Betternet is safe to use. Betternet VPN offers quality free and premium service options, plus split tunneling, a kill switch, and a fast VPN protocol. With the free service, Betternet VPN users encounter ads, limited servers, and slower speeds than premium service users [*].
Is CyberGhost VPN safe to use?
Yes, CyberGhost VPN is safe to use. CyberGhost VPN claims to have over 10,000 servers spread across 91 countries. The VPN has several attractive features, including a kill switch and torrenting capabilities, plus affordable plans. Even though CyberGhost logs user IP addresses, it stores them anonymously [*].
Is HotSpot Shield safe to use?
Yes. HotSpot Shield is safe to use. HotSpot Shield boasts high-quality servers with fast speeds and a powerful proprietary protocol. HotSpot Shield's main drawbacks include limited connection capabilities and a lack of live customer support for free version customers [*].
Is SurfShark safe to use?
Yes, SurfShark is safe to use. SurfShark offers unlimited device connections, diverse VPN protocols, a kill switch, and a camouflage mode that hides the use of a VPN [*]. While the SurfShark VPN features fast speeds, it provides a static IP, which might make it easier for hackers who are trying to identify you.
Is ExpressVPN safe to use?
Yes, ExpressVPN is safe to use. ExpressVPN uses a network of 2,000 servers in over 160 locations. The VPN has a password manager and a kill switch, but ExpressVPN's limited connection capabilities and support channels may hold it back for some users [*].
Is SuperVPN safe to use?
No, SuperVPN may not be safe to use. SuperVPN has several issues that should keep users away, including dated encryption methods and questionable data recording practices [*]. There's also concerns about a recent data breach that exposed over 360 million SuperVPN user records, including IP addresses, contact information, and geolocation records [*].
Is Hola VPN safe to use?
No, Hola VPN may not be safe to use. Hola VPN reroutes all user activity through a peer-to-peer network of IP addresses to get around various location restrictions. This means that other people can use your IP address for whatever they wish [*]. Hola also has worrisome encryption and data logging practices [*].
How To Stay Safe Online (and Avoid VPN Scams)
Everyday, the number of online threats increases — and the need for improved online security grows. While a VPN can help protect your identity, data, and internet traffic, not all services provide the same level of protection.
When shopping for an effective VPN, here are some points to consider and look out for.
- Research VPN services before signing up. Look for a reputable VPN provider with a history of quality service. Make sure the VPN has extensive reviews, trial periods, and strong customer support.
- Don’t give out too much personal information. VPN providers shouldn't need much information to set up your service. Avoid giving out any private information, which is a good cyber hygiene practice in general.
- Use unique passwords and a password manager. A secure password manager stores all login credentials in one place, making it easy to use complex passwords for every account without having to worry about remembering them. Aura’s password manager gives you access to all of your passwords with a single click, and warns you if any of them get compromised in a data breach.
- Enable two-factor authentication (2FA) on all accounts. Make it harder for hackers and scammers to access your accounts with 2FA, which requires identity verification through another device or alternate account.
- Protect your devices with antivirus software. Install and run antivirus software on all of your devices. Along with detecting and removing viruses, these tools help you recognize and recover from hacks.
- Regularly update your apps and operating system. App and system updates fix vulnerabilities and exploits. Putting these off can considerably weaken your security.
- Sign up for identity theft protection. A full identity theft protection service creates a first and last line of defense. Should hackers get through to your information, a reliable service will alert you if your information leaks, changes, or gets used online.
Consider Aura as an all-in-one solution for protecting your online, financial, and personal accounts. Aura offers a powerful VPN, credit and Dark Web monitoring, and 24/7 U.S.-based support — including remediation help from a dedicated team of White Glove Fraud Resolution Specialists, along with $1 million in insurance coverage for eligible losses due to identity theft.