While VPNs may protect you from some types of cyber attacks launched by hackers, they don’t protect you from all of them. For example, VPNs may protect you from Man-in-the-Middle (MITM) attacks, remote hacking, Distributed Denial-of-Service (DDoS) attacks and session hijacking, but VPNs will not protect you from hackers who steal encryption keys, or from account compromise, phishing attacks or illegitimate websites.
Continue reading to learn more about what VPNs do and do not protect you from, plus learn tips on how you can stay protected from hackers.
What is a VPN and what does it do?
A Virtual Private Network (VPN) encrypts your internet traffic. Encryption is when your data is turned from a readable format to an unreadable format known as ciphertext. When using a VPN, your internet traffic is encrypted meaning no one can see your IP address or intercept data that is sent or received from your device.
What cyber threats can VPNs protect you from?
Here are a few cyber threats VPNs can protect you from.
Man-in-the-middle attacks
Man-in-the-middle attacks occur when cybercriminals intercept data being sent between two businesses or people. The goal of intercepting the data can vary but it’s usually because cybercriminals want to steal, eavesdrop on or modify the data. MITM attacks are most likely to occur when connected to a public WiFi network since anyone is allowed to connect to it and can view the data being sent over it.
VPNs prevent anyone from being able to intercept your internet traffic through the use of encryption, meaning no one will be able to see what’s sent or received by your device. Next time you connect to a public WiFi network, make sure to connect to a VPN first to keep your information private.
Remote hacking
Remote hacking is when cybercriminals remotely gain unauthorized access to devices or networks. While there are many ways to initiate remote hacking, one of the most common ways cybercriminals carry out this type of attack is by using your IP address.
VPNs mask your IP address making it difficult for cybercriminals to know what your actual IP address is. This can prevent them from being able to hack your device or network remotely.
DDoS attacks
Distributed Denial-of-Service (DDoS) attacks aim to disrupt your server by flooding it with an overwhelming amount of internet traffic using bots. DDoS attacks overload servers with traffic so the targeted website eventually crashes, making it inaccessible to the website’s users.
To launch a DDoS attack, cybercriminals need to know your IP address. Since VPNs mask your IP address, cybercriminals won’t be able to target your network to launch a DDoS attack.
Session hijacking
Have you ever noticed that when you log in to one of your accounts you don’t need to consistently re-enter your credentials? This is because when you log in to your account, the website creates something known as a session ID. While session IDs provide convenience, they are also commonly exploited by cybercriminals to compromise your accounts. Session hijacking attacks occur when cybercriminals get a hold of your session ID and use it to trick the website server into thinking they’re you.
VPNs encrypt all of your internet activity, including your session ID. This makes it extremely difficult for cybercriminals to steal your session ID and use it to compromise your accounts.
The types of cyber threats VPNs cannot protect you from
Here are a few cyber threats VPNs will not protect you from.
Hackers who steal encryption keys
Encryption only works if the associated encryption keys are kept secure. If a VPN service doesn’t have good security measures in place to secure encryption keys, or human error leads to a data leak, it’s possible that a cybercriminal can gain unauthorized access to the key. With access to the key, cybercriminals can use it to decrypt user’s data even though they’re connected to a VPN.
Account compromise
Account compromise can happen in many ways, but it’s often due to poor password strength and password reuse. If you’re someone who doesn’t use password best practices or a password generator when creating passwords, your accounts are more vulnerable to being compromised. Even the best VPNs can’t protect your accounts from being compromised if you’re using weak passwords or reusing the same password across accounts.
Phishing attacks
Cybercriminals use phishing attacks to try to get victims to disclose their personal information by pretending to be a person or organization the victim knows. Phishing attacks are typically carried out through emails, social media messages, text messages and phone calls. If you’re not aware of how to spot phishing attempts, you’ll likely fall for one by clicking a malicious link or attachment that can end up downloading malware on your device. If you do end up falling for a phishing attack, a VPN can’t do anything to protect you from it.
Illegitimate websites
Illegitimate websites are designed to steal the personal information of the people who end up on them, usually through malicious ads and links. If you end up on an illegitimate website as you’re browsing online, a VPN can’t prevent malware from installing on your computer.
How to protect yourself from hackers
Here are a few of our tips to stay protected from hackers when you’re online.
Use a password manager
Password managers help users create, store and manage passwords for all of their accounts. They can also securely store other data like passkeys, credit card information, files and images. By using a password manager you can ensure that your passwords are always made strong and aren’t being reused across multiple accounts.
While using strong passwords is important, if any of your accounts support the use of passkeys, we strongly encourage you to enable it as a sign-in method. Passkeys offer a lot more security than passwords and are resistant to phishing attacks by design.
Enable MFA for every online account
When Multi-Factor Authentication (MFA) is enabled on one of your accounts, rather than only entering your username and password, you also have to verify your identity using additional authentication methods. MFA adds extra layers of security to your accounts, making it more difficult for cybercriminals to be able to access your account even if they know your password.
Keep your devices and software up to date
Keeping up with software updates on your devices and applications is often seen as an inconvenience, but they’re extremely important. Software updates patch known security vulnerabilities, add new security features and fix bug issues. When security vulnerabilities are left unpatched, it opens up a backdoor for cybercriminals to easily exploit them. As soon as a software update becomes available, don’t wait, download it immediately.
Learn to spot phishing scams
The best way to protect yourself from phishing scams is by learning how to spot them. Although cybercriminals have been leveraging AI to make their phishing scams more difficult to spot, there are still some major red flags you can look for. Here are a few of the most common red flags:
- Being asked to provide personal information (e.g. credit card number, login credentials)
- Urging you to click on links and attachments
- Offers that seem too good to be true
- Threats that if you don’t follow their instructions there’ll be serious consequences
Monitor the dark web for your personal information
As soon as your personal information ends up on the dark web, you should know. Signing up for a dark web monitoring subscription means you’ll be sent real-time alerts when your information is found on the dark web so you can take immediate action. Suppose you get a dark web alert that your Facebook login credentials were found on the dark web. Since you received an alert, you can act right away to prevent account compromise by updating your password and enabling MFA if you haven’t already.
Install antivirus software on your computer
Antivirus software can help keep your computer protected from malware infections. This software constantly scans your computer for known malware and viruses and removes them before they’re able to infect your device. Not all antivirus software is created equally. We recommend doing your research before downloading antivirus software. One of the most important features you’ll want to look out for is how quickly the antivirus provider updates their database – the more quickly a provider updates their database, the better because that means they’re able to protect you from newer malware threats.
Don’t solely rely on VPNs to stay protected online
While VPNs do provide users with some level of security and privacy protection when you’re online, they can’t protect users from all types of online threats. Staying safe online requires a solid understanding of cybersecurity best practices and tools that make following those best practices easier.
A password manager like Keeper® helps you protect your most important information, including your login credentials. If your accounts aren’t protected with strong passwords, the chances of them being compromised are dramatically higher. Curious to see how a password manager can help you stay safe online? Start a free 30-day trial of Keeper Password Manager today.
Start Free Trial
