Dark web 101
To most people, the World Wide Web is a vast wonderland where you can watch cat videos, see what your old college roommate is up to, rent a movie or buy a car.
The online world most people see, however, makes up just 4% of what’s out there, according to IdentityForce, a company that provides identity, privacy and credit protection for individuals, businesses and government agencies.
The rest of it is part of the so-called “deep web” — content that can’t be found by just anyone typing keywords into Google.
Much of the deep web houses protected information: tax records, medical data, banking numbers or government secrets. While it’s hidden from the public, you can still access this data as long as you have the right links and passwords, like how you check your bank balance and log into your company’s email system.
A sliver of that — known as the dark web — is where things can get scary. The dark web is a collection of private networks and web pages that are so well hidden they can’t be accessed without special software. That software also allows users to stay completely anonymous from anyone trying to track their identity or location.
As a result, this murky corner of the web has become a black market for sophisticated cyber thieves.
“Consumers should think of the dark web as the backrooms where criminals buy, sell and trade all sorts of illegal wares — including the compromised personal information of consumers,” says Al Pascual, senior vice president of data breach solutions at Sontiq, the parent company of IdentityForce.
And the threat is only growing. In 2019, a total of 18.7 billion identity records were circulating on the dark web, up 25% from the previous year, according to the latest 4iQ Identity Breach Report.
How does personal info get on the dark web?
Consumers’ personal and financial information can be stolen in a variety of ways, including company data breaches, malicious software, social engineering — underhanded tricks that convince people to hand over their details — or even publicly available data sources.
Consider a ransomware attack, when an attacker uses malware to encrypt a company’s data or customer records and then demands a ransom to restore it. If the company doesn’t pay up, criminals may auction off the data to the highest bidder.
Fraudsters who specialize in identity crimes will buy the data on the dark web using anonymous cryptocurrency, then get to work on a variety of schemes.
“New financial credit account fraud can lead to victims being hounded by collections agencies for loans they never received, and even lose out on the chance to obtain the credit they need to buy a car or home,” Pascual says. “Or even worse, have their identity misused to obtain medical care that is appended to their health record, creating future risk of misdiagnosis.”
While law enforcement agencies are doing their best to track down and catch every individual involved in cyber crimes, Pascual says, many of the criminals are not within U.S. borders, which makes catching them difficult, if not impossible.
What are the costs?
For ordinary people, the impacts can be devastating. Financial losses from all types of identity fraud skyrocketed to a spine-chilling $56 billion in 2020, according to a study from digital advisory firm Javelin Strategy & Research.
“We saw a huge uptick in scams as a result of the pandemic and consumers being isolated for a good three to four months during the height of the global lockdown,” says Tracy Kitten, director of fraud and security for Javelin.
With people spending way more time at home shopping, banking, browsing, streaming and communicating online, even more data is making its way into the dark web. It’s easy to find passwords for emails, Netflix accounts and online banking accounts, Kitten says. Criminals are also trading mobile numbers (used to circumvent one-time passcodes), dates of birth, Social Security numbers and stolen credit card numbers with expiration dates.
That’s more than enough information to allow criminals to conduct fraudulent activity in your name.
One in five victims lose more than $20,000, according to a recent survey from the Identity Theft Resource Center. And the danger goes beyond the financial — victims might have trouble renting an apartment, traveling or getting a government ID renewed. Their hard-earned credit scores are often decimated. They could even find a warrant issued for their arrest for a crime the thief committed.
Recovering from this type of crime can take years, in some of the worst cases.
How to keep your info off the dark web
Banks and other large e-commerce institutions have tightened their security to help prevent breaches. But with crooks getting more sophisticated all the time, consumers also need to step up to protect their pocketbooks.
That’s a challenge, because cyber attacks come in many forms, and people need to protect more than 60 types of personal information.
In one common scenario, Kitten says, a consumer might receive a text message and click on a link that infects their device with malware. But your identity can also be stolen by people rummaging through your trash or mailbox for important documents. Or you might just drop your wallet on the bus.
The most basic advice is to be mindful of how much information you share publicly, whether it’s on social media or with any number of service providers — even if the source seems familiar. For example, it’s rarely necessary to give your medical providers your Social Security number, even though you may be asked for it.
To protect yourself further — and help restore your identity quickly if it does get stolen — you may want to invest in an identity theft protection service.
Signing up for IdentityForce can quickly uncover whether your identity is being traded on the dark web — either right now or in the future.
The company is constantly scanning thousands of websites, chat rooms and other places frequented by hackers and cyberthieves across the dark web. Whenever the company finds data belonging to one of its customers, it sends an immediate alert and provides next steps to help them protect themselves and their finances.
The IdentityForce mobile app also allows customers to review their own financial and personal information, so they can keep an eye out for suspicious activity, too.
That 24/7 monitoring, plus $1 million in identity fraud insurance, starts at about $18 per month — the same cost as a premium Netflix account. Identity protection isn’t nearly as fun, but with tens of thousands of dollars on the line, peace of mind is worth a lot.