At the end of March 2017, the U.S. Congress repealed a law that prevented Internet Service Providers (ISPs) from selling users’ browsing data. The repeal is widely regarded as an infringement of user privacy. People are actively looking for ways to keep their online activity private i.e., they’re shopping for a VPN service. VPN services have been around for years but now they’re becoming synonymous to having car insurance. With so many people looking to buy VPN services, it was only a matter of time before someone tried to take advantage of it. Fake VPN services are cropping up and they are more than just a shady websites. These services are pretending to be affiliated with popular services, and they’re invading your inbox. Here’s how to keep yourself safe.
MySafeVPN: The Fake VPN Service for PLEX
A fake VPN service targets you through your email. It knows that you have a subscription, paid or otherwise, to a popular online service. It pretends to be affiliated with this service that you have been using for years.
Think of it like this; you love and own Apple products for years. You suddenly get a legit looking email saying Apple is now offering a VPN service. You probably don’t recall the company making an official announcement but the email will look real. The only problem is, it’s a fake. This has already happened to Plex users.
Plex is an incredibly popular media server. If you own a Chromecast, chances are you use Plex. The email in question pretended to be a VPN services that Plex has launched. It offered a discounted rate to Plex users to reel them in. The email also included a ‘referral’ link for Plex users so they could avail the service.
It was a scam. The user who received the email posted it in Plex’s online forums where a company employee identified it as a scam. Vice did a feature on it, and the service in question has since disappeared. The bottom line is; this is happening.
The Red Flags
The Plex team and MySafeVPN have both signed off on the email. It wasn’t your usual scam where a Nigerian prince tries to ship you some gold. This email is somewhat professional. There was a website, a proper physical address for the company, and a phone number. Vice did a good bit of digging to get to the bottom of who was behind this email but the average user isn’t likely to go that far.
You will have an email in your inbox and you will have to decide if this is legit or not. Here are a few red flags in the scam email.
No Official Announcement
Look for a link to an official product/service announcement in the email. In the above email, MySafeVPN does not link to an official product announcement from Plex. It is highly unlikely that a company, big or small, wouldn’t announce a new product on their blog. If Plex, or any other company for that matter, were to introduce a new service, they would announce it to get the current user base on board. A targeted email asking you to sign up for the service isn’t going to be the first you hear of it.
Companies that announce new products will begin marketing it months before the launch. They will write about it extensively, add banners to their official website, and maybe even push a little ad or two via their apps/service. If nothing else, there is at lest going to be some activity on social media. If none of that preceded the email you received, it’s likely a scam.
The US Congress decided it was okay for ISPs to sell your browsing Data on March 28, 2017. It is unrealistic that a company, regardless of its size, can get a robust VPN service up and running within weeks. It just doesn’t work like that. Technology makes a lot of things easier and faster but it still isn’t magic. If you’re getting email invites to a newly launched VPN service, a service that’s been around for just a few weeks, then be suspicious. Be very suspicious.
It’s times like this that you want to look at VPN services that have been around for a while. Not only are they more likely to be legitimate but they are also likely to provide better services.
No Real Product Offering
According to the email for this fake VPN service, you’re getting a discount for joining early. It tells you how much you have to pay. What it doesn’t tell you is what it is you’re buying; how many connections are you getting, is there a bandwidth limit, does the VPN block ads, is this for your desktop or your phone, or both. The email doesn’t touch on any of that. There is no link to a proper product page where you can check out the different plans they have to offer. More importantly, the email doesn’t say if the $9.99 subscription is for one month, three months, or an entire year.
Compare The Language
Online services send you emails every now and then. Sometimes they offer you coupons, sometimes they try and nudge you to upgrade your plan. If you receive an email telling you Netflix has just started a new VPN service, compare the language of the email with that of the previous ones. You will see a distinct difference. It’s also a good idea to compare the email layout. Scammers don’t have the best resources at their disposal. They don’t have time to replicate the look of an official email.
What’s The Risk
The obvious risk of signing up for a fake VPN service is money. If you think the service is legit, you will subscribe to it. Whether or not you actually get a VPN is a different story. The scammers might take your money and disappear. If they’re ambitious, they’ll send you an app or a link to set things up. This will in turn infect your system or just take it hostage.
A fake VPN service can be the age old phising scam. If you visit the link provided in the email and sign in using, for example, your Google account, your password might be stolen. If you’ve used the same password for different accounts, you will be at greater risk. Your credit card information might be stolen.
How To Stay Safe
If you’re new to all this, it’s best to pick a trustworthy VPN service, one that has been around for a few years and people can vouch for. As for these scam emails, it’s safe to say they’re getting smarter. For every countermeasure against scams, there are ten new ways to scam people. The less tech savvy a person is, the more likely they are to be scammed. If you receive an email for a new VPN service (or really anything new) that claims it’s affiliated with a product you already use, run a few checks,
- Check for an official announcement by the service. Going back to the email that started it all, if Plex really were starting a new VPN service, there would’ve been an announcement on the official blog.
- Check social media for product announcements by the company.
- Check the email address the email was sent from.
- Google it. We’re not kidding. Just Google if Hulu is indeed starting a space program and you’ve actually been selected to head the mission to Mars, or is it just scammers trying to get your personal information. New products, especially by large companies are covered extensively in the news. If nothing else, there will be some reviews.
- Carbon date the service. How long has it been around? Did it conveniently spring into existence the day a subversive law was passed? It’s likely fake
- Due diligence; in the age of brick and mortar stores there was a thing called ‘buyer beware’. It was up to a buyer to determine whether what they were buying was real, authenticate, and without defects. Contact customer support or email them. Learn what it is you’re paying for. Verify whether or not the service is what it claims to be.