What Does a VPN Not Protect You From? [All You Need to Know]

Reading time icon 9 min. read


Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

what does a VPN not protect you from

VPNs are frequently marketed as the ultimate protective tool. They use military-grade encryption and security protocols to redirect and hide your traffic.

But a question remains: What does a VPN not protect you from?

We’ll cover all the VPN limitations and give tips on keeping yourself safe online.

Let’s get started!

What are VPN services’ limitations?

Although versatile, VPNs can’t protect you from everything. They can’t conceal your device ID, browser and OS, IMEI, MAC address, and IMSI. 

On the bright side, premium providers use the best encryption and VPN protocols to ensure outsiders can’t access the following:

  • IP address — ISPs, governments, apps, and websites can track your activity using your IP address to create a personalized digital profile. With a VPN, you can temporarily acquire a different IP that can’t be traced back to you.
  • Geographical location — Your IP address corresponds to your physical location. Nobody will be able to pinpoint your exact location based on it, but your country and general whereabouts will be accessible.
  • Downloads — Your ISP is aware of your online activity and how much bandwidth you’re using. Your government and advertising companies can also track your downloads. You could face fines or legal actions if you’re illegally downloading copyrighted content. 
  • Search history (partially) — A VPN will encrypt your web searches, making it impossible for your ISP, government, or cybercriminals to crack the code and descramble your data. However, your browser still tracks your search history. 
  • Personal data — Your VPN’s encryption extends to your personal details as well. Login credentials, emails, credit card information — all your data will be kept safe from prying eyes.
  • Streaming and gaming activity — These data-heavy hobbies often lead to ISPs throttling your bandwidth during peak hours. However, you can avoid that by using a different IP address. 

Additionally, you can’t rely on VPNs in countries they are illegal.

What does a VPN not protect you from?

Admittedly, VPNs are robust privacy and cybersecurity tools. Still, there are some things they can’t hide or protect you from.

Here’s what you should look out for!

Phishing and other social engineering attacks

Phishing is a type of social engineering in which malicious actors impersonate legitimate companies and trusted persons.

Some of the most common threats of this kind are as follows:

  • Deceptive phishing — Victims usually receive an email from a recognized sender that urges them to click on a link or share personal data. The fraudsters bypass detection from email filters by including legitimate links and contact information of the company they’re impersonating.
  • Whaling — These attacks target executives and high-ranking members of organizations. Cybercriminals commit CEO fraud by stealing login credentials, authorizing financial transfers, and obtaining W-2 information on all employees.
  • Spear phishing — Such schemes use personalized data to trick their victims. It commonly happens on LinkedIn and similar social media sites where malicious actors can learn about their targets. Clicking on customized fake job offers installs backdoors and other malicious programs. 
  • Smishing — In this case, attackers use SMS texts to convince users to hand over personal information. Then, malicious links trigger malware download or instruct victims to contact fake tech support.
  • Vishing — Alternatively, fraudsters may turn to phone calls. They often use technical jargon to make their inquiries look official. They can disguise their phone number and match it to the target’s area code. 
  • Pharming — Cybercriminals use DNS cache poisoning attacks to target DNS servers and change their corresponding IP address. Victims are then redirected to malicious websites, even when they type in the correct website name.

Malware and spyware

VPNs aren’t equipped to deal with certain malware, so you’ll need a dedicated antivirus to keep yourself safe.

These are some examples of viable threats.

  • Trojans — This malware appears as legitimate software, so users download and install it. However, hackers use it as a doorway to spy on your device and delete, capture, and modify data.
  • Worms — These programs exploit OS vulnerabilities and spread over computer networks by self-replicating. They often serve as a gateway for payloads, which can delete, encrypt, and steal data.
  • Viruses — This is code inserted into a program that activates once the software is run. It can be used to launch DDoS or ransomware attacks and steal sensitive data. Viruses can also replicate.
  • Spyware — Such software hides on your devices and tracks your login credentials and similar information. It’s often bundled with legitimate programs or Trojans to hijack your browser and steal information about the websites you visit to overwhelm you with ads.
  • Adware — If your screen is bombarded with pop-up ads, you’re probably infected with adware. It’ll also redirect you to advertising websites and sell your user data to advertisers.
  • Keyloggers — Keyloggers are a form of spyware that records keystrokes and can steal your passwords, banking information, and other sensitive data.
  • Ransomware and crypto-malware — These programs can lock users out of their devices until a ransom is paid. Crypto-malware is a sub-type that perpetrators use to encrypt their victims’ files and demand payment in cryptocurrency. 
  • Botnets — Botnets are a collection of infected computers controlled remotely by a hacker to execute mass cyber-attacks, such as DDoS attacks and malware distribution.
  • PUP — PUP (Potentially Unwanted Programs) are additional programs users are unaware of, bundled with legitimate software. They’re usually pop-ups and toolbars and can be very hard to uninstall. 

Unsecured networks and public Wi-Fi

VPNs are recommended to use when connecting to public networks for safety reasons. As a rule, anybody can monitor your activity on public Wi-Fi.

They could steal information, including email login credentials, passwords, and bank account details.

On top of that, public hotspots are full of other risks, such as man-in-the-middle attacks, evil twin attacks, and Wi-Fi pineapples.

Luckily, a reliable VPN service will take care of these threats. Thanks to encryption, it can scramble your data and make it unusable for potential snoopers and eavesdroppers.

Still, you won’t be completely safe. There are other ways for hackers to trick you.

Filesharing and AirDrops are possible routes. You should always disable them to prevent downloading harmful files.

Another vulnerability is Wi-Fi auto-connect. If it’s enabled, you could accidentally connect to a fake network set up by hackers.

Finally, the brief pause between connecting to a network and turning on a VPN leaves you open to attacks.

How to protect yourself from online threats?

You can do many things to improve the defense of your devices. While some of these tips are cyber-security basics, they’re still worth repeating.

1. Create strong passwords

Hackers use brute-forcing software to crack passwords; sometimes, they can even guess them.

Generally, you should avoid using publicly available personal information in your password. The same applies to common words that can be found in a dictionary.

It’s best to rely on randomly generated passwords. Furthermore, shorter passwords are easier to crack, so you should have at least six characters

For good measure, you should also use numbers, symbols, and uppercase and lowercase letters.

Additionally, you should never reuse passwords. Instead, get a unique one for every account and let your password manager remember them.

2. Use two-factor authentication

Even if your password gets cracked, two-factor authentication will make sure that hackers won’t gain access to your account.

It adds an extra step, like a fingerprint scan or authentication link. Only you will be able to pass both forms of identification, which can prove invaluable.

3. Recognize phishing messages

There are some tell-tale signs that the email you’ve received might not be trustworthy.

Phishing emails often contain:

  • Grammar errors and misspellings
  • Generic or unusual greetings
  • Mismatched email domains
  • A sense of urgency
  • Requests for personal information
  • Suspicious links or attachments.

If the message you’ve received checks any of these boxes, don’t respond and report it. Here’s how to spot a phishing email.

Whenever the Internet offers you something for free, treat it with suspicion. If you’re unsure about a program or website, check reviews before clicking or downloading anything.

Pop-ups that say you’ve been infected or won something are also dangerous.

Furthermore, email attachments can also contain malware. Only open them if you’re confident they’re safe.

5. Use a non-administrator account

Admin accounts have the right to install new software, which is potentially risky.

On the other hand, standard or limited user accounts don’t have this privilege.

That makes them much safer for daily use, as you can’t accidentally install harmful software.

6. Keep your operating system and software up-to-date

Your operating system has regular updates that ensure everything’s up to par. Most importantly, they contain security fixes.

If possible, enable automatic updates so you can get them as soon as they’re available.

The same goes for software. You’ll especially want to ensure you’re using the latest version of your browser.

7. Use an antivirus program

Even if you click on a suspicious link, this software will stop it before anything bad happens. It’ll warn you of risky websites and prevent redirections.

It’ll also scan downloads for malware. If your antivirus detects anything suspicious, it’ll contain it and ask for your permission to delete it.

Furthermore, you can run regular, quick, and in-depth scans for any malware that might have slipped through.

What does a VPN not protect you from? – Summary

To summarize, a VPN does NOT protect you from:

  • phishing attacks
  • malware
  • public network vulnerabilities
  • a general lack of vigilance

Encryption is great for privacy but won’t save you from cybercriminals and particular security threats.

As always, you should take protective measures and keep a watchful eye for anything unusual.

Good luck and safe browsing!

User forum

0 messages