Data breaches are never far away from the headlines these days, whether it’s a Russian hacking operation or a leak of email addresses and credit card numbers by a major brand. All this data ends up somewhere, and as research shows, often it is in the hands of fraudsters looking to use personal data to commit identity theft.
The “dark web” is one such place where private data changes hands, often for shockingly low sums. If you don’t know what the dark web is, you may have heard it mentioned alongside notorious online drug marketplace Silk Road, which rose to global prominence in 2013 following an FBI investigation.
What is the dark web?
It’s important to understand the difference between the surface web (which we all use every day) and the deep web, which is content that’s not indexed by Google or other search engines and is typically hidden to your average Internet user. The deep web is huge, and most of it is comprised of routine stuff like internal search results pages, content behind paywalls, and other web pages that don’t need to be seen.
A small part of the deep web is the dark web, an anonymous network that cannot be accessed by normal web browsers. It came about as a result of U.S. government trying to find a way to share intelligence around the world without fear of interception. A key element is the Tor browser, which uses onion routing to encrypt and bounce communications around the globe to hide their origin.
Although this technology is not inherently criminal, anonymity can be a powerful tool for people looking to cover their tracks online. The dark web is home to leaked documents, drugs, weapons, illegal fire-sharing, and perhaps most significantly for the general public, the sale of personal information like credit card numbers and passwords.
A 2016 report showed that credit card details from the UK, USA, and EU were changing hands for as little as $15 a piece, with premium cards (those with higher spending limits) going for $50 to $60. Access to email accounts and social media profiles were available from a little over $100 for a personal account up to $400 for a corporate account.
Identity fraud is part of an explosion in cybercrime that has happened over the last few years, as the security used by retailers and financial institutions struggles to keep up with changes in the way we store and share personal information. Also to blame is limited awareness among consumers of how to best protect themselves against fraud and what steps to take when sharing information online.
Once fraudsters get hold of your email account, credit card numbers, and personal information like your favourite color or mother’s maiden name, they have the tools they need to open new accounts or access your existing financial products. These different types of identity fraud can often take months or even years to be uncovered, let alone rectified. They can then cause lasting damage to your credit history and chances of borrowing in the future.
When it comes to protecting your data, there are a few key things to keep in mind. First, do not use the same password for all your accounts, because if one is breached, they all become vulnerable. Regularly change your password, and don’t pick something that’s easy to guess. Second, be wary whenever anyone asks you to provide personal information, online, over the phone, or in person. Phishing emails can be very convincing, and you may unwittingly hand out your password directly to hackers.
Finally, be careful about what information you put out on social media. It may seem innocent enough to tweet or post about your birthday, address, or the name of your favourite childhood pet, but guess what? Hackers can use information gathered from social media to help access accounts by resetting passwords or combining it with information stolen in data breaches.
You don’t need to be totally paranoid about your data, but if you want to be sure your details are not ending up on the dark web, caution is the best approach.
Learn more about the dark web: