The internet you perceive and experience daily is just a tiny fraction of the web. Beyond news sites, social media platforms, and email on the “surface web” lies something far more sinister in a part of the internet known as the “dark web.”
The term itself is known to send chills down one’s spine because there are thousands of stories about the dark web and rampant cybercrime. As the threat of identity theft is ever present, concerns about the dark web are certainly founded.
The dark web is a little challenging to access if you don’t know anything about it. However, it hosts tons of communities and marketplaces and has a thriving economy driven by the sale of illicit goods and information.
If your user details are being bought and sold on dark web marketplaces, you must quickly change your passwords and monitor activity on online banking accounts, credit cards, and breached platforms.
But how do you know if your personally identifiable data is compromised? Before we answer that question, let’s define it.
What is the Dark Web?
The term “dark web” essentially describes encrypted content that is unindexed by search engines. You will need something other than web browsers like Chrome or Edge to access the dark web. You need a special web browser like the Tor Browser (or Onion Browser) or authorization to access.
Although people use terms like the dark web, “deep web,” and “darknet” interchangeably, they don’t exactly mean the same thing. Although there are some similarities, they are vastly different.
- Deep Web: This describes all the content that search engines can’t index but exist on shared encrypted networks. In that sense, we can say that the dark web and deep web are closely connected.
- Darknet: The dark net or dark internet refers to a particular set of web data that’s specific to one niche that users want to keep private and untraceable. Although that sounds malicious, most of the darknet contains raw data used by researchers and scientists. This is also where many reporters, whistleblowers, and activists communicate.
Criminal forums and marketplaces exist on the dark web and are only accessible with specific network configurations and browsers. Unlike standard web pages that collect user data, privacy and anonymity are always paramount on dark websites.
The dark web plays a role in all the data breaches reported in the news. This is because cybercriminals like identity thieves buy, sell, and trade this information in dark web marketplaces and forums.
Dark web marketplaces often deal with the following:
- Bank account details
- Child pornography
- Credit card numbers
- Hackers for hire
- Human trafficking
- Illicit drugs
- Passport numbers
- Phone numbers
- Social Security Numbers (SSNs)
Whenever sensitive data and personally identifiable information end up on the dark web, you can expect a whole host of problems to follow. This includes corporate espionage, financial fraud, and sometimes, the impersonation of friends, family, and coworkers (with malicious intent).
Having robust cybersecurity tools, including antivirus software and VPN solutions, are helpful, but they can’t keep your data off dark marketplaces. This is because other entities you engage, like employers, healthcare providers, insurers, retailers, and even government agencies, can fall victim to a security event and leak your data.
No one is safe; even technology giants like Amazon, Yahoo, and leading credit bureaus like Experian and Equifax have all fallen victim to a data breach.
How Does Data End up on the Dark Web?
Sensitive corporate and personal data ends up on the dark web in several different ways. For example, your personal information may have been included in a data dump from a recent data breach. Or it could have been stolen while using a public WIFI, visits to unsecure websites, social engineering attacks, including phishing, ransomware attacks (even when the ransom is paid), and the failure to shred documents with sensitive information.
For example, hackers may breach enterprise databases and steal personally identifiable information, including full names, date of birth, driver’s license numbers, bank account numbers, addresses, user IDs, passwords, and phone numbers.
Those who are working remotely from coffee shops using unsecured Wi-Fi networks sometimes end up sharing everything they do online with threat actors. People who click on malicious links on social media (and emails) also freely share their personal information.
How Do You Know if Your Information Is on the Dark Web?
If your data is available on the dark web, one of the easiest ways to find out is to check the “Have I Been Pwned” (HIBP) website. It’s a free service, and all you have to do is conduct a search using your email address or phone number.
If your data is actively being bought and sold online, there are some signs that will alert you to identify theft. For example, you might notice unusual activity in your bank statements and email accounts. Any suspicious activity, no matter how small, must be taken seriously.
You can also take a proactive approach by engaging in dark web monitoring, dark web scans, and setting up fraud alerts. But don’t stop there, as cybersecurity is an ongoing concern. Take proactive steps to protect your sensitive data and remain vigilant.
In this case, signing up for credit monitoring and checking your rating regularly is also a good idea. It’s also a good idea to take it a step further and leverage a dark web monitoring service.
Although all these steps may seem excessive, always remember that once your information is on the dark web, it’s almost impossible to remove it altogether. Websites on the darknet don’t last long and are reincarnated often under a different name. As such, bad actors can replicate your data multiple times for profit.
Suppose you take a proactive approach to security and take every step to protect your data, and you notice some lapses. In that case, your personal information is probably on the dark web. Unusual activity often comes from a “dark” place.
What if You Find Your Personal Information on the Dark Web?
Even if you can’t remove all traces of your data from the dark web, there are steps you can take to mitigate risk. To keep your data from being used by malicious individuals, you can do the following:
1. Scan All Devices for Malware
Conduct comprehensive malware scans on your mobile phone, tablet, laptop, or desktop. If you find trojans, viruses, and other forms of malware, take steps to quarantine and clean the device.
Whenever data leaks compromise sensitive business data, it helps to engage a managed security services provider. This approach helps mitigate risk and reduce the chances of another security event occurring again.
2. Change Passwords
Following password security best practices is critical to limit the fallout from a data leak. So, always use strong passwords and never use your name, birthdate, or anything else that cybercriminals can guess using information available online.
It’s also imperative not to use the same password on more than one account. Whenever you use the same password across multiple accounts, hackers will be able to access all accounts after breaching just one of them. This is also a perfect time to start using a password manager.
3. Multi-Factor Authentication
Multi-factor authentication (MFA) verifies user identity using more than one authentication method. For example, you can use the Google Authenticator app to enter a code generated in real-time to log in to your bank account.
Whenever you verify using a code, the bank and other entities know that you know your username and password and have complete control of the device associated with the account.
Even if your username and password are already on the dark web, MFA ensures that no one else gains access to your accounts. MFA can take the form of an authenticator app, email, facial recognition, fingerprint, push notifications, or SMS. However, email and text message MFAs are the least secure of all these options.
4. Add SIM-Swapping Protection
As SIM swapping is a common tactic used by threat actors, it’ll help to get SIM-swapping protection. SIM-swapping is the same as swapping out your SIM to activate a new phone. The only difference is that cybercriminals trick or bribe employees at mobile phone carriers instead of using your SIM.
Whenever threat actors manage to get insider help, they can quickly receive your MFA codes sent to the phone in their control to access your accounts. If your mobile phone carrier has a security feature that prevents numbers from being ported to new phones, sign up for it.
5. Review Your Credit Report
You can quickly identify suspicious activities by closely monitoring your credit report and online accounts. For example, an unexpected drop in your credit score can be a sign of illegal activity, including identity theft.
6. Notify Credit Bureaus
Whenever you fall victim to a data leak, it’s crucial to inform leading credit bureaus like Experian, Equifax, and TransUnion. They have multiple options to prevent fraudulent credit requests, including two-factor authentication on all credit pulls.
Even after you have done the needful, tracking charges on your credit card statement is vital. Credit cards are highly attractive to hackers, and they often get away with using multiple credit cards with charges (usually small amounts) that go unnoticed.
7. Freeze Your Credit
You can also ask credit bureaus to freeze your credit report. This approach will stop anyone else from opening new accounts in your name. This is because lenders won’t be able to access your frozen credit report to make lending decisions.
As this is a free feature offered by credit bureaus, take advantage of it. However, you have to contact the credit bureau directly to get it. It’s also important to unfreeze or temporarily thaw credit reports when applying for a new credit card. If it sounds like too much work, then it’s best to sign up for a fraud alert.
8. Stay Alert to Social Engineering Attacks
Stay alert to cyberattacks like social engineering campaigns. If criminals have some of your information and need more, they will target you with various scams to try and get more information.
So, refrain from sharing too much information online, avoid clicking on suspicious links, and avoid answering questions on memes that often mimic security questions.
9. Be Wary of App Settings
There are a lot of mobile apps out there, and most are harmless. However, there are many apps that request access to your photos, contact lists, location, and even your camera and microphone.
These apps may contain malware used to collect your data in real-time and share it with criminals. So, quickly change your Android or iPhone settings to limit exposure to such applications.
The dark web is just like any lousy neighborhood that citizens avoid. But not all activity on the dark web is necessarily illegal. Sometimes people prefer to remain anonymous because of fear of repercussions from oppressive governments. Journalists also turn to the dark web to keep informers anonymous and safe.
Unfortunately, the anonymity and privacy awarded to dark web users have attracted a bad reputation and individuals who want to engage in illicit activities.
In the current threat landscape, we are all targets and must take a proactive approach to cybersecurity and remain cautious. If not, there’s a high probability of your data ending up on the dark web.