What do you mean by VPN? if just pptp, then they could well listen to the traffic. They could steal a session from VK and sit there on your behalf without recognizing the password. Probably the same with mail.

VPN has nothing to do with it. There is a file in C:\Windows\System32\drivers\etc called hosts. It was needed in the good old days when the Internet was smaller, condensed milk was sweeter, and they didn’t put toilet paper in the sausage. Prescribed in it all the computers that were known. There is no strong need for this. But social network accounts are taken away by modifying this particular file. We write for example - classmates.ru are located at 178.80.32.31. And at this address we make a type of page for entering the social network. Then we redirect your request to them, and take away the password and login. =) I will pay attention that it is not enough to clean up these records, then you need to reboot the computer (so as not to complicate the life of the subject).
by the way. vpn is encrypted automatically.

1) Use authentication through a token.
2) Use foreign VPN services.
3) It all depends on the importance of the information. If you really need it, no VPN will save you.

1. two-factor authorization - when you try to login, you should receive an SMS on your phone.
2. complex, very complex passwords for the service. better generated and stored encrypted databases in utilities like keepassx (this one is available for all platforms - win, linux, mac, windows mobile. like even under windows phone and android)
3. work on an honestly purchased OS in the case of Microsoft (Vista +) or under Linux without administrative privileges - saves from getting a bunch of viruses.
4. Regular OS and software updates, especially Java and Flash, as well as antivirus if the OS is from Microsoft.
5. if you climb on a suspicious site - sandbox mode in the browser or a virtual machine for experiments.
6. and here you can remember about vpn, yes. By the way, it does not always have encryption.