Data breaches sometimes make headlines but usually only when they involve large companies (like a major oil pipeline). In fact, there were roughly 2,935 publicly reported breaches in the first three quarters of 2020. But identity fraud, defined as using another person’s personal information to steal money, affected more than 14 million Americans in 2019. So, how does this happen, and what really is the dark web?
What really is the dark web?
Much of the business of identity fraud takes place on the dark web. What is the dark web? If you think of the internet as having three places, you can understand what is meant by the dark web. The first place is the “surface web,” which is where most of us do our surfing. This is the public, searchable part of the web that doesn’t require any password to access. Think Google, Facebook or Amazon.
Then there is the “deep web,” which has databases that only can be accessed with logins for specific websites. Think LexisNexis and Westlaw, or the U.S. Patent Office.
Finally, the “dark web,” which is accessible only to people who use a specific software called The Onion Router (TOR), which the U.S. Navy developed for intelligence traffic. Although downloading TOR is open to the public, messages sent are anonymous, hide the user’s IP address, and transactions are usually conducted in cryptocurrency, making the dark web perfect for criminal activity.
The dark web and identity fraud
Although not all the traffic on the dark web is for nefarious purposes (It is also used for political dissidents and intelligence communications.), much of what transpires is crypto criminality. It is where most of the business of stolen digital goods takes place. These pieces of stolen identity include credit card numbers, logins, passwords, birthdates, addresses, phone numbers, mothers’ maiden names and, most frighteningly of all, Social Security numbers. Even more surprising is that a Social Security number can be bought on the dark web for as little as $2.99.
What the heck is a fullz?
While a Social Security number can be purchased for relatively little money, a complete package of everything needed to commit identity theft, called a fullz, sells for anywhere from $20 to more than $100 dollars. This would include not only Social Security numbers and everything listed above, but other information such as driver license numbers and answers to knowledge-based security questions!
Takeaway: What should you do?
Take these three basic steps to keep yourself from being a victim:
- Freeze your credit on the three credit reporting sites.
- Monitor all your bank and credit accounts.
- Keep your passwords safe by using a password managing service.
Your personal information is probably already for sale on some part of the web. Protect yourself!
For more on cybersecurity, check this out.
Have something to add to this story? Comment below or join the discussion on Facebook.