These days, free credit monitoring services are easy to come by. You probably get monthly updates from your credit card company, as well as through sites like Credit Karma.
And while you might not pay a whole lot of attention to alerts about that credit card you opened recently or tiny changes to your credit score, thereâs one message thatâs sure to stop you from scrolling past:
Your personal information was found on the dark web.
Say what? If youâve heard anything about the dark web, you know that canât be a good thing. But what does it actually mean when your information is exposed to the dark web â and what can you do about it? Hereâs what you need to know.
What is the âdark web,â exactly?
If you imagine the internet as an iceberg, the visible part peeking above the water is the internet as we know it, explained Ana Bera, co-founder of home security website safeatlast.co. However, thereâs much more to it.
âThe part of the iceberg we donât get to see holds an enormous part of the web,â Bera said. In fact, up to 90% of the whole internet is considered to be the âdeep web.â Though it sounds ominous, the deep web is simply the parts of the internet that arenât indexed by search engines such as Google, and therefore, donât show up in search results pages. âThe deep web is usually benign and itâs filled with private databases not meant to be shared with the public,â Bera said.
For example, your Amazon account pages and online banking platform are all parts of the deep web.
The dark web, on the other hand, is more sinister. Bera explained that the dark web is a small section of the internet that people often use to stay anonymous. Not just anyone can hop onto the dark web and start browsing; the content here exists on an encrypted network and requires certain software and authorisation to access. Most websites that operate on the dark web use the Tor encryption tool, which much like a VPN, hides usersâ IP address and location.
âIt can be used by whistleblowers, by the intelligence community to protect their online communication and by âregularâ people who wish to hide their data from marketers and websites,â she said. However, thanks to the anonymity that the dark web provides, itâs also a hotbed of criminal activity, where people can buy and sell drugs, weapons and more.
âThere are identity thieves that use the dark web to buy and sell peopleâs personal information,â said Patricia Vercillo, vice president of operations at The Smith Investigation Agency, a private investigations firm. âIf youâve ever been hacked in the past, I can assure that the dark web is most likely where your personal information is currently living.â
According to Experian, that information can go for quite a bit of money, depending on what it is. For example, Social Security numbers sell for $1 each, while debit or credit card numbers can cost as much as $110. One of the most valuable items is a âFullz,â a bundle of information that includes a victimâs name, Social Security number, birth date and account numbers, which can be used to inflict a lot of damage right away. Passports and medical records can sell for $1,000 or more, depending on the completeness of the information and whether itâs a single entry or entire database.
But how do these criminals get their hands on your information in the first place?
There are numerous ways your personal information can be accessed by identity thieves. Sometimes, itâs as simple as leaving mail and other documents with sensitive information in the trash for someone to find. Other times, itâs due to a data breach that you have no control over. And sometimes, it can be weak Wi-Fi networks and online security.
If youâre browsing an unencrypted website, for example, hackers can stage a âman-in-the-middleâ attack, according to Vercillo. This involves intercepting communications and pulling information from your exchanges with another person or website. âJust think about all the information you currently share online on the regular,â she said.
Regardless of how your data was accessed, or whether or not it was your fault, thereâs a good chance that something is floating around the dark web, waiting for the right buyer.
What to do if your info is found on the dark web
If you receive a notification from your credit monitoring service that your information was found on the dark web, you might wonder what you can do about it. Unfortunately, the answer is not much. After all, you canât call up the head of the dark web and ask that your information kindly be removed.
Even so, there are a few precautionary measures you can take to make it harder for identity thieves to access your information, or use it if they already have it.
Avoid public Wi-Fi networks: You might be tempted to hop on the Wi-Fi at your local coffee shop or hotel to save cell phone data, but Vercillo says you should think twice. âThis is where hackers can easily place themselves and intercept online traffic,â she said. Even password-protected networks are vulnerable to hacking. If you must use the public Wi-Fi, avoid accessing any important information or accounts.
Use a password manager: One of the simplest ways to protect your personal information is by using a unique, complex password for every account and changing it regularly. But this is an area where we tend to get lazy. Think about it: How many of your accounts have the exact same password that youâve been using for years? Lancaster suggested using a password manager to simplify the process. These tools, many of which require a low monthly fee to use, create complex passwords for every account you own and store them all so you donât have to remember what they are. Just donât lose the master password to your manager.
Use two-factor authentication: If someone does get their hands on the password to your email or bank account, using an additional security step can prevent them from actually getting in. âPeople should make sure theyâve enabled two-step authentication on all online accounts,â Bera said. This means that when you attempt to login to an account, an additional step such as entering a code sent to your phone or verifying your identity with a fingerprint is also needed. In this case, a password alone isnât enough to get into the account.
Monitor your credit: Even if youâre super careful about protecting your personal information, data breaches are, unfortunately, an unavoidable reality these days. That means you have to be proactive about protecting your information and credit. âMost people hear about a breach here and breach there and just think, âIt happens, Iâm too small to be worried about that. No one really wants to get anything from me,ââ said Kevin Lancaster, co-founder and CEO of dark web monitoring company ID Agent. âUntil something happens, itâs kind of out of sight, out of mind.â The truth is that every bit of information has a price tag. Signing up for credit monitoring and regularly checking your credit reports will help you catch identity theft early, before too much damage has been done.
Freeze your credit: If you believe your personal information has been compromised, Vercillo recommends placing a freeze on your credit. A credit freeze, which is free to set up and remove, prevents lenders from pulling your credit file until theyâve taken an extra step to verify your identity first. This prevents others from opening new accounts in your name (though it doesnât stop someone from using an existing account, such as a credit card). To place a credit freeze, you need to contact each credit bureau individually. And you may want to consider freezing your childâs credit while youâre at it.