Don't know where to start?

Find My VPN

800,000 users at risk from two new VPN scams

Written by Ali Raza

June 5, 2020

Malware email

VPN users around the world have been targeted by scammers recently, which have found some creative ways to trick those who are after online privacy, security, and anonymity.

Considering that the entire world has been extremely concerned about coronavirus outbreak, and rightfully so, it doesn’t come as a surprise that online criminals also started using the current troubles to spice things up.

Since many of us had to start working remotely for the first time, we are mostly still ‘learning the ropes’ of the new approach, which leaves all of us vulnerable.

In fact, there were plenty of phishing campaigns revolving around COVID-19, with this only being the most recent one.

According to a blog post published by researchers from Abnormal Security, internet criminals exploited the very need for a VPN to conduct phishing attacks.

How does the attack work?

The blog post explained that the attack starts with the initial phishing attack that pretends to be from the IT support that works for the victim’s employer.

The attackers also clearly invested a little time, as they spoofed the address to impersonate different organisations’ specific domains.

The email itself only contains a short notice of a new VPN home configuration and the accompanying link. However, the link is fake, and it will not lead the recipient to a new VPN, but to a landing page that is an excellent copy of the Microsoft 365 login page.

Once again, the researchers noted that attackers went out of their way to ensure that the page will be hosted on a Microsoft .NET platform, to avoid suspicion.

Whoever enters their credentials will expose their own Microsoft account, as well as those of others who use the same credentials.

As mentioned, the attack counts on the employees’ need to work from home and use a VPN while doing so. Many are still unaccustomed to working remotely and are vulnerable to attacks of this kind.

So far, Abnormal Security reported spotting multiple versions of this attack. They target users of different services, and they use multiple addresses to conduct their attacks. However, the same payload link is used in each attack, and that is what connects them and proves that a single entity is behind them.

To avoid becoming a victim of these attacks, users should make sure that they double-check the addresses and the senders themselves. The same goes for the URLs of webpages to which they are trying to sign in.

Scammers are also using fake VPN apps

The same need for a VPN also caused other types of scams to take place, such as launching fraudulent VPN apps and charging users for using them.

Warnings of this type of attack came from Avast, after the discovery of at least three such VPN apps targeting iOS users. The apps found their way to Apple App Store, and the security company explained that these are intended to defraud users.

What this means is that the apps themselves are not malicious, they don’t contain any type of malware, virus, and alike.

However, they offer VPN services and charge users money, and then, when the user pays the app doesn’t work.

As mentioned, there are three apps that Avast managed to uncover so far. Buckler VPN (271,000 downloads), Beetle VPN (420,000 downloads), and Hat VPN Pro (96,000 downloads).

The apps were uncovered now, although they seem to have been available since April 2019, as reported by Sensor Tower.

How does the scam work?

Based on Avast’s report, the apps don’t really do much.

They claim to be offering VPN services, and they charge a weekly subscription fee of $9.99. However, once the user pays the fee, the app will not start providing VPN services.

Instead, when researchers tested it, it simply asked for a subscription to be paid once again.

Researchers attempted that too, but the app then said that they had already paid the weekly fee and that they cannot do it again.

This left them and arguably hundreds of thousands of others with $10 less in their wallet, and a useless app that doesn’t do anything.

These kinds of scams are not particularly dangerous, as the apps are not malicious.

However, they do charge subscriptions and give nothing in return. The subscriptions can be weekly, monthly, or even yearly, and they charge a much higher price than legitimate VPNs, most of which charge the same amount on a monthly basis.

But, newcomers to VPN technology tend to search for a quick solution, and not knowing any better, they will simply pay and assume that this is the cost of using a VPN.

They will, however, quickly realise their mistake, after the app proves to be completely useless.

Author: Ali Raza

Ali is a journalist with a keen interest in VPN usage. He is an expert in the field and has been covering VPN related topics for VPNCompare and numerous well-respected publications for many years.

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular Articles

Recent Posts