11 VPN Scams to Look Out for in 2025 (And How to Avoid Them)

In recent times, online privacy has become a hot topic. That makes VPNs (Virtual Private Networks) one of the most effective and go-to tools for staying safe online. Unfortunately, this creates a golden opportunity for bad actors to scam people.

From shady free VPNs that log your browsing history to fake apps designed to inject malware or steal credit card information, VPN scams are rising. Many even mimic legitimate brands to trick users into trusting them.

They are misleading and only aim to dispossess you of your money, personal information (which is then sold to advertising companies, thereby exposing you to all sorts of online danger), and many other things.

Knowing how to spot these scams before you fall victim is crucial. This guide uncovers the most common VPN scams circulating today and explains how you can avoid them to keep your privacy intact.

Scams that VPN does – Quick list

Scams in the VPN industry

The following are some of the mostly commonly seen and worst scams we’ve noticed in the VPN market that you should always look out for:

Scam #1: Free VPNs

An old saying goes, ‘There is no free meal in Freetown.’ This is especially true for VPNs. Free VPNs are among the most dangerous and common scams to watch for as they go against everything a VPN is supposed to be. Unfortunately, many are focused on the catchy word “free,” ignoring the dangers in it.

While it’s true that cybersecurity is not 100% assured, there’s peace in knowing that companies have more to lose when they sell, log, or use your data. Unfortunately, this is precisely what free VPNs do; they collect your data and sell it off to third-party agents for their benefit.

Like Facebook, Gmail, and other free services and products, free VPNs are just another way companies make money off your private information. For these companies, data collection is their primary business model.

Example: VPN Master-Free VPN Proxy is a free VPN and is on Google Play Store. It has a high rating of 4.6 and approximately 100 000 downloads. Before now, one would observe that the VPN has lots of free malware. This is no longer the case, though, as a recent check done on VirusTotal shows the VPN is free from all malware. This goes to tell you that you should never fully trust Google Play and Apple Store ratings.

Free VPNs are also known for the following:

They direct users to ads
They track and log online traffic data, selling it off to third parties.
They do not do the job of encrypting your data (even if they say they do)
Free VPNs inject malware, spyware, and so on into their clients’ devices to monitor their online activities.
They steal bandwidth and resell it to third parties

Scam #2: Look out for fake VPNs

With the growing popularity of VPNs, fake versions are also springing up like weeds. These are not VPNs but rather VPN subscriptions sold by these scammers to unsuspecting users. One of such counterfeit VPNs is MySafeVPN (and lots more).

We define a fake VPN as one that goes against privacy and security. An example is Hola VPN; this VPN uses its customers’ devices to produce a botnet, a feature that allows others to ride off their internet bandwidth freely; they do this without customers’ knowledge.

A way to avoid being a victim of fake VPNs is to avoid new VPN services with unproven track records or have a history of good performance and support. These fake VPNs often promise to make you ‘anonymous’ with their software; this is usually a lie. They only want your money. Sometimes they go a step further to inject spyware, malware, or ads into your data or sell off your data to third parties.

The bes t VPNs have a transparent system; they communicate their goals, the location they operate, and the type of security they provide. So, ensure you carry out proper research before opting for a VPN, read through the terms of service, as well as the privacy policy.

Scam #3: VPN lifetime subscriptions

VPNs that offer lifetime subscriptions are red flags; avoid them at all costs. Operating a secure, fast, and safe network of global VPN servers with good apps and strong support is no child’s play; it’s expensive and has recurring costs. Given this high cost of operation, how can a VPN offer a ‘lifetime subscription’?

Take, for instance, the graphics obtained from Gdgt Deals; they used to offer a lifetime VPN subscription to Windscribe VPN for a mere $49, with the original price going for just $900. The price is meager, so much so that there had to be a catch, and there was. But that too has been fixed, thanks to all the articles that called their attention to it. Here’s what their updated website looks like:

For instances like this, here are some of the theories we came up with:

These cheap or ‘free’ VPN services collect customer data and sell it off to advertisers and third parties. This business model is popular and lucrative.
The VPN redirects your browser to third-party sites or bombards you with ads and then gains commissions for their sales.
The ‘lifetime subscription’ is just a faux. The VPN provider will cancel the subscription after a year or so.
The VPN is just like a Ponzi scheme; it requires an ever-growing list of subscribers to remain active until it eventually collapses like a pack of cards.

Usually, the ‘lifetime’ refers to the lifetime of the VPN company and not that of the customer. Once the company sells its lifetime subscriptions, it pays itself out, shuts down the business, and disappears into thin air.

Some VPN companies cancel all the ‘lifetime subscriptions’ and convert the accounts into recurring paid subscriptions. An example is VPNLand, a company no longer in existence as of today.

A user who complained to the company got the following response:

“Just FYI, A ‘lifetime’ account does not mean it will be valid till someone dies. It could be anyone’s lifetime-such as a cat or lifespan of the hardware.”

The above statement is just an example of the cruelty users are subjected to; don’t fall victim, avoid VPN market scams.

Scam #4: Dubious free VPN apps

Generally, free VPN apps have problematic security and privacy features. Recently, news making the rounds had it that free VPN apps on the Google Play Store deliver financial malware to unsuspecting users. While this is not true for every VPN app, most free VPN apps found on Apple or Google Play Store are insecure and dangerous to use.

A team of researchers had this to say about the free Android VPN app:

16% of VPN apps steal their customers’ bandwidth
18% do not encrypt data
38% of these apps contain malware (spyware, riskware, malvertising, and trojans) used to monitor, steal, or damage your data
74% engage in third-party tracking
82% attempt to get sensitive information of users (users’ text messages or accounts)
84% leak their customers’ actual IP address

Close observation of increasing VPN app scams reveals that many of these malware-infested apps have high ratings. This means that millions of unsuspecting people are using a VPN filled with tracking and malware. This is more so for free VPN apps. Hence, we advise you to avoid shady free VPN apps.

Scam #5: Faulty features and unsubstantiated claims

Scammy VPN providers often make bogus claims. A typical example of this includes:

There are no logs: Many VPN providers claim their VPNs contain ‘no logs’ only to discover that they disclose information collected. PureVPN and Betternet VPNs are examples of VPN providers with such claims. We advise users always to read and understand the privacy policy of any VPN they wish to subscribe to.
Fastest VPN: This is another bogus claim that many VPNs make. Many of these VPNs have nothing more than mediocre speeds, and this is usually because their servers have many users per time lured by the same ‘fastest VPN’ claim.
No IP address Leaks: Many VPNs claim to have robust IP leak protection features, but upon use, you will discover these features don’t work. One way to determine if the features work is to run a series of VPN checks and tests.

When scouting for a VPN to subscribe to, ensure your scam radar is on high alert; read through the claims and features of the VPN website before making a decision.

Scam #6: Questionable pricing policy

Avoid VPNs that require you to pay a huge sum of money, or those that require nothing from you. When reviewing pricing, ensure you know when you are to pay as well as how much in real terms. Some time ago, about 200 customers fell for a $400/month VPN service fee in a scandal with ‘Mobile protection: Clean & Security VPN’ (did you observe the typo error in the title?). The app claimed they charged users $0.99/week for its premium service; they also made many other bogus claims.

Aside from the pricing error, the product description has many grammar mistakes, which should immediately alert observant users to the service’s ingenuity. Despite its unsuitability, about 50,000 people downloaded the app before it was finally retired.

Before subscribing to a VPN service, ensure it’s real and determine how much it costs. Most genuine VPNs charge monthly or biannually; you will rarely find an honest VPN service that charges weekly. On average, a genuine VPN service costs between $40 $99/year.

Scam #7: Fake reviews, comments and testimonials

Most reviews of new VPN services are not organic. They are mostly fake reviews written by the VPN providers to tell you how fantastic a VPN is. Below is an example of a company whose review website and company are the same:

The company J2 Global is a subsidiary of its parent company, PCMag. They buy up VPNs; IPVanish and StrongVPN are a couple of them. It seems they always recommend IPVanish in the list of their ‘best VPN’ guides, a trend that we noticed in 2017. PCMag is well known for publishing digital content; they also own lots of VPN websites. Therefore, it’s no mere coincidence that IPVanish is often among its recommended VPNs.

Not too long ago, in March 2021, Kape Technologies acquired Webselenese, a security and privacy content specialist media. This group operates both Wizcase and VPNMentor, two of the most popular VPN and digital security blogs today. For those unaware, Kape also owns Private Internet Access, Zenmate, and CyberGhost VPN.

While amid these acquisitions, the firms keep saying that editorial independence would remain the same — that mostly is not the case. In this example, Kape Technologies bought Webselenese for a whopping $150m. Now, if someone comes and tells after a $150m investment, the buyer wouldn’t interfere with the business affairs of a product, it would be hard for anybody to believe that.

Aside from fake reviews, it appears some people pay commenters to post how great a VPN is, mainly when a user publishes a negative review. All of this indicates that not all reviews are genuine; therefore, be careful of all online content, including:

Comments
Testimonials
Reviews

Bear in mind that most ‘reviews’ aren’t based on real testing; these reviews are nothing but marketing jingles, albeit paid ones.

Scam #8: Third-party sales sites

Recently, there has been a surge in the market demand for third parties who sell lifetime subscriptions. Despite their popularity, we advise you to avoid these middlemen at all costs. We suggest this because they often raise some questions, including:

Why should a VPN service partner with a third-party site to offer lifetime subscriptions or sales?
Why should I trust a third-party sales site with my data and banking information?

We observed this with the Windscribe review, but are glad they no longer sell this type of subscription. So, it’s best to avoid third-party websites and intermediaries. If you wish to purchase a subscription, then do so directly from the VPN company.

We have seen VPN providers that cancel all their lifetime subscriptions that users bought through third parties. When these users complain, neither the third party nor the VPN company takes responsibility.

Scam #9: Unsecure VPN websites

It’s important that when deciding on the VPN to go for, you read through the product description to verify that the services advertised are genuine and authentic. From the example given in Scam#6 above, where we mentioned “Mobile protection: Clean & Security VPN,” the service claims had phrases like “duplicate contacts” and “instantly use smart anti-virus.”

How this escaped Apple, we do not know, nor do we understand how it made it to its list of VPN apps. But even after deleting the app, many other VPN apps remain. Those fishy VPN apps now are only more careful with the words they write.

A way to determine a VPN’s quality and distinguish it from a scam is its security features.

For instance, MySafeVPN is a sham VPN provider with no HTTPS security, only HTTP. The difference is that while HTTPS encrypts data, HTTP does not; this seemingly unimportant factor, when taken into consideration, can save you from scams in the VPN industry. If a VPN site is not secure, there is no guarantee the service will be secure.

If a VPN claims to have military-grade security and privacy but does not even have HTTPs on its website, you can be sure they are lying.

Scam #10: VPNs that require too much private information

Look out for VPNs that require you to reveal a lot of private information. Astrill, a popular VPN service, requires its customers to log in using their address and phone number. Ignore VPNs that require this of you, as VPNs are not supposed to require your identity before using their services.

Bottom Line: VPN providers that accept Bitcoin as a form of payment should be considered as this further distances you from your account.

Scam #11: Inactive VPNs

There are also some disconnected or dead VPNs whose sites are still in operation. This means that although the service no longer functions, you can still buy or subscribe to it.

An example of this is EarthVPN. The VPN service is officially dead, but the site is still in operation. It has all its marketing features and the checkout process too. Users can find deals for subscriptions if they Google them, while some review websites still have links to the VPN’s subscriptions.

However, its customer reviews reveal that the servers are no longer active, and no one responds to the support tickets. Hence, it’s most likely the service went off the radar silently. They probably refused to come clean because the money keeps rolling in, and they didn’t want it to stop.

If you subscribe to a dead VPN, you can be sure your money is gone. You won’t be getting any VPN service nor a refund either, as there isn’t anyone in the company to process, acknowledge, or refund it. Besides, an insecure website will have your payment details to make things worse.

How to avoid these scams

The following tips will ensure you know how to avoid scams by VPN providers:

Do not readily give out your email and personal information
Never respond to emails referring to your financial or bank profile
Beware of pop-up ads
If you have the slightest doubt, don’t go ahead with the VPN subscription
Avoid free VPNs
Deal with your VPN provider directly (no third-party)
Never opt for VPNs with lifetime subscriptions
Watch out for the provider’s country of origin
Read through the privacy policy and terms of service
Avoid VPNs without an anonymous payment platform
Beware of VPNs with security breaches
Avoid VPNs with no known reputation

Is it ever dangerous to use a VPN?

VPN services are becoming popular in recent times, and for good reasons. A reliable VPN can be a secure and safe way to surf the net. Many privacy-driven users use them to prevent monitoring by government agencies, corporations, and advertising firms. However, the danger comes in using free, unreliable VPNs; they are untrustworthy and thus dangerous.

VPNs (Virtual Private Networks) protect individuals and organizations by creating a private browsing session. You need it even more when using public WiFi, such as libraries, cafes, restaurants, and other public domains, to prevent other people from accessing your online traffic data. A VPN creates a safe channel between the user’s device and the VPN server; this hides the user’s browsing activities and location.

Also, with VPNs, users can securely guard their online privacy to prevent ISPs (internet service providers) from monitoring their online activity. That becomes possible because after connecting the user’s device to the VPN server, the VPN bypasses the user’s IP address, hides the internet data, and makes it difficult for mischievous people to access the user’s information.

So, in essence, using a quality VPN can never be dangerous to you. It will instead help you stay secure online and enjoy the internet to the fullest.

Infamous VPNs that you shouldn’t trust

There’s no doubt that VPNs are a must for better privacy in today’s world. However, not all VPNs are worth it. Many are so dangerous that you are better off not using any at all. Here are some of those VPNs you should not trust.

1. HideMyAss

We prefer to call it “reveal my ass.” Yes, this VPN is compatible with iOS, Android, Linux, PC, Mac, and routers and unblocks restricted websites (one of the key functions of a VPN). BUT it does all this at a cost. VPNs have the primary responsibility to protect their customers’ data, but HideMyAss does the exact opposite.

When pressured, they give out their clients’ information. This was the case in 2011 with a man named Cody Kretsinger. Private internet data was provided by HideMyAss when the police demanded it, an act that eventually led to his arrest, prosecution, and jail.

2. Hola

Hola is another VPN you should not trust. In 2015, reporters found the VPN service doing what no other VPN service ever considered doing. They converted their customers’ PCs into ‘exit nodes,’ allowing other users to route their data through the node. And they didn’t stop there. Instead, Hola went further to sell the bandwidth to third-party agents. It is a clear violation of everything a VPN stands for. Therefore, we advise you to avoid it at all costs.

3. HotSpot Shield

A research paper published in 2016 accused Hotspot Shield of “Introducing JavaScript codes” and also “redirecting e-commerce traffic data to affiliating domains.” Again, in 2017, a private group accused Hotspot Shield of capturing and redirecting website traffic to affiliate websites, including advertising firms.

4. PureVPN

In 2017, the FBI arrested a man accused of stalking another person; this was possible through information on his online activity obtained via PureVPN services. Although PureVPN claims it does not log information, is more likely a lie, as they could produce enough evidence to identify the accused while cooperating with the FBI.

5. VPNSecure

First, VPNSecure has its base in Australia, a “Five Eyes” country where the government and others closely monitor users’ online activities. In 2016, a research paper discovered DNS and IP leaks with the VPN service. Also, it features “egress points,” which have similar traits to “exit nodes” present in Hola VPN.

The paper had its suspicions (unconfirmed suspicions) that the company uses its customers’ bandwidth without their knowledge. While our security team couldn’t confirm it, if you want to stay safe, it’s best to stay away from this provider.

6. Opera free VPN

In 2016, Opera browser brought in a ‘free unlimited VPN” and made it available to all users. However, despite the name, Opera Free VPN is not a VPN in the world’s true sense; it is more like a website proxy. It collects users’ data that they are likely to share with third parties (there is no evidence to lay a claim yet, though).

7. Facebook Onavo VPN

In the first part of 2018, Facebook revealed an in-built ‘Protect’ feature for all mobile apps. In the reality, it was nothing more than Onavo VPN, a VPN app that Facebook acquired far back in 2013.

However, regardless of its effectiveness in protecting users, there’s a catch: Onavo collects its customers’ internet data and then uses it to make Facebook better. They use this data to gain insight into what the people want and then improve their products and services. This is commendable, only that the data collected is without the customer’s knowledge, and who is to say they won’t pass it on to advertising firms and third-party services?

8. Zenmate

In 2018, Zenmate, PureVPN, and HotSpot Shield were found leaking the real IP addresses of users. Meaning, when you use the internet with a link to Zenmate, your identity and data could leak. Although Zenmate became aware of this, they were very slow to respond. Hence, to be on the safe side, we advise you to avoid the VPN altogether.

FAQs

How do you know if a VPN is legit?

Run DNS and WebRTC leak tests to check if VPN is legit. These tests tell if VPN is leaking your visited sites or private IP address.

Share this article

About the Author

Aliu Isa

Streaming Expert

87 Posts

Isa is a Nigeria-born professional writer and editor with more than 10 years of experience under his belt. Having worked with some of the most renowned organizations worldwide, he’s been able to produce and publish hundreds of high-quality articles across a wide range of niches. Over time, Isa has developed an immense interest in digital security and privacy. He has always been a privacy enthusiast, and now, he's giving it all to educate people on privacy, security, and geo-blocking issues around the world.

Comments

No comments.