When VPNs Go Wrong

VPNs have become widespread over the past few years as their users have expanded from businesses utilizing them for information security to individuals seeking out ways to bolster their privacy or obscure their location.

The issue that arises from growing individual use is that there are more opportunities to be scammed, and some people with VPNs for personal use may not be able to distinguish between a reputable service and a charismatic, albeit malicious scam.

The biggest culprit among these are Free VPNs. These are alarming because they draw into question how the company offering the VPN can afford to run a safe and secure network of VPN servers with adequate support – these things are expensive and have fixed recurring costs. That means the company has to make money from another source, which may entail tracking information about your browsing activity to sell to third parties.

A VPN is supposed to secure and encrypt your data. If this tool was used with the intent to log your activity, it could monitor your IP address with time stamps, how long you use the service, as well as the websites you visit and other services you use. Even if you have somehow managed to find a Free VPN that truly secures your data, it could have other unwanted side effects such as plaguing your browser with ads, throttled bandwidth, and data caps among others. If these issues don’t seem threatening on the surface, one needs only to look deeper into them to truly assess whether or not it’s safe – for example, are those ads redirecting you to malicious websites? Are you able to work or use the internet with slow bandwidth? How quickly will you exceed the data cap?

One instance of a fake VPN scam is the story of MySafeVPN.

This story surfaced on Motherboard, where Nicholas Deleon first wrote about it after receiving a shady email message from the ‘Plex VPN team’, claiming that Plex had added a VPN service to its business known as MySafeVPN. It was marketed to preserve the privacy of North American users in the wake of the changes to US ISP permissions.

Deleon then wrote to Plex’s co-founder, Scott Olechowski, asking about the validity of this supposed new VPN service. Olechowski replied, “This is *absolutely not* a Plex affiliated service or offering,” and recommended using any other VPN service, as this one was obviously shady.

Plex was not the only target of this VPN scam. MySafeVPN posed similarly to other companies, including Boxee. Both Boxee and Plex suffered data breaches a few years ago, so it is possible that is how MySafeVPN was able to access the email list.

Another one of these examples is Hotspot Shield VPN, which is a free app and service that has been accused of spying on its users and selling the data. On August 7th, the Center for Democracy and Technology filed a complaint with the U.S. Federal Trade Commission alleging that Hotspot Shield VPN is violating its own privacy policy of providing ‘complete anonymity.’ Furthermore, Hotspot Shield was found to be using iframes in webpages to inject JavaScript code for advertising and tracking purposes and disclosing the names of user’s WIFI networks via the SSID, Internet MAC addresses, IMEI numbers, among other things. Basically, the VPN was leaking everything it was supposed to secure.

Trustworthy VPN services will not sell your information or cause you to be inconvenienced by slow network speeds or ads. The real VPNs can be immensely valuable, especially when connecting to Public Wi-Fi, where you are at risk for having information stolen. Simply reading the terms and conditions of a VPN service can be enough to help you distinguish between a reliable source and a scam.

This article was written by Kristina Weber of Centry Ltd. For any questions or comments, please don’t hesitate to contact us on any of our social media platforms! For more content like this, follow @CentryCyber on Twitter.

2 thoughts on “When VPNs Go Wrong

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s