What is the dark web and how do you protect yourself? The dark web is a place where criminals buy and sell stolen personal information, such as credit card numbers, bank account passwords, and even Social Security numbers. Unfortunately, like most things on the internet, once the information is out there, it can’t be erased.
Susan Grant, CFA’s director of Consumer Protection and Privacy states,
“Dark web monitoring may be able to alert consumers that their stolen personal information is being offered for sale on the internet, but it can’t put the genie back in the bottle.”
More than 14.7 billion records have been reported lost or stolen since 2013, according to the Breach Level Index, with 6.4 million more added to the list every day.
Phishing is one-way people give away their sensitive information. They click on a link and the link takes them to a fake webpage that looks like an Office365 or a Google sign-in. They enter their password (which gives it to the attacker) then the webpage redirects them to the real webpage which looks like they just entered in the wrong password. Usually people don’t think twice about it.
The other way people’s information is obtained by attackers is from using the same username and password at multiple accounts and one of those businesses gets hacked.
What dark web and other types of monitoring can do is alert you so that you can take action to avoid or limit the damage that the fraudulent use of your personal information could cause and remedy any problems that have already occurred.
Even if you don’t have dark web monitoring, if there is reason to believe that your personal information has been stolen, you should assume that it can end up for sale on the dark web.
What you can do as a consumer and business to protect yourself from the dark web
- Monitor your accounts
Check your credit card, bank and other financial accounts once a week or so to look for anything suspicious.
- Supercharge your passwords
Your information can be obtained by attackers from a business being hacked. By using the same password or simple variations (i.e., admin1, admin 2, admin 3) for numerous accounts, you become vulnerable to what’s called “credential stuffing” — a cyberattack that uses stolen credentials from one site to gain unauthorized access to other sites. Criminals will use automated programs to try these stolen passwords on other accounts used by those breach victims.
For example, using the same password and username for your email account, LinkedIn, and Facebook accounts. If LinkedIn gets hacked, now the hackers have your email and password, which works for Facebook too.
This is why it’s recommended to create a unique password for every account. Using a Password manager can generate, securely store and provide easy access to all your passwords. LastPass and Dashlane are a couple of the password managers out there. A strong password is long (at least 12 characters), complex, random and unique for each of your online accounts.
Some sites are now offering or requiring Two-Factor Authentication when you login. Two-factor authentication is a much-needed extra layer of security. It’s an extra step for you to get in your account and an additional line of defense against hackers. 2FA means you will get a text, call or email that requires you to do something to verify your identity.
Learn more about Phishing Attacks and the Steps of Cybersecurity.
- Report identity theft and get a recovery plan
The Federal Trade Commission offers great, free resources to help you report and recover from identity theft with a personalized recovery plan and a step by step process for that plan. Go to https://www.identitytheft.gov/ to learn more.
For any additional help you can reach out to the experts at Rhyme. Call 800.362.4333 or submit a Contact Form.