The deep, dark web—what is it? What’s it used for? How does information end up there? And what should you do if your information is found there?
In this post, I’ll be diving into all the above. Let’s jump straight in.
First off: Let’s set the record straight. The deep web and the dark web are two different things.
The internet is comprised of three different “sections;” the surface web, deep web and dark web.
The surface web is what is searchable and indexed by sites like Google and Bing.
The deep web “refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine.” (CSO Online) It includes paywall-only content and content that requires sign-in credentials, like medical records, membership websites and confidential corporate web pages.
Much of the internet is comprised of the deep web.
The dark web is a vastly different, primarily nefarious subset of the deep web. Although not all the dark web is used for illegal purposes, it is known as the birth date, social security and bank account number marketplace…which brings us to fact #2.
I’ve personally had my credit card number stolen. Years ago, before I did much (if any) online shopping, I noticed a few transactions hit my account. The transactions were all New York City-based. (I live in the middle-of-nowhere New Hampshire.) The charges were for small amounts at a well-known fast-food restaurant. (Charging small amounts to see if the legitimate owner notices is a well-known tactic. The criminal’s thought process is, “If they don’t notice these transactions, they most likely won’t notice incrementally larger amounts…and I’ll be able to use the card for longer.”)
I immediately called my bank, notified them that my credit card number had been stolen and canceled my card.
How did it happen? My credit card was still in my wallet; I didn’t have more than one copy of it. I hypothesize that my credit card information was picked up via scanner while I was in a public place, then sold on the dark web.
It’s easy enough to purchase a credit card scanner. (For this blog post, I searched “credit card scanner” and found several surface web websites selling them.) In the U.S. alone, there are “1.6 million card numbers for sale.” (pcmag.com)
Unfortunately, there’s no definitive method to prevent your information from getting onto the dark web, but that doesn’t mean you can’t try.
Anyone who browses online must know how to protect themselves from the dark web.
As individuals, we must protect our personal information from getting misused online. But it’s just as essential to ensure our work credentials aren’t getting traded around on the dark web.
To ensure your information remains private, here are a few things you can do to protect yourself from having your information leaked on the dark web:
Okay, so we’ve learned that it’s near impossible to keep your information from ending up on the dark web. We’ve also learned that there are ways to protect yourself…but nothing is guaranteed.
So…what can be done?
Luckily, there are ways to determine if your information is on the dark web. Products like Right Networks’ Security Awareness Training provide a service called dark web monitoring.
Not all dark web monitoring services are built the same, but Right Networks’ monitoring continuously scans the dark web for illicit activity involving your brand 24x7x365.
Here’s how it works. You work for XYZ Accounting Firm and use the domain @xyzcpas. One day, your email address and password appear for sale on a dark web website. Right Networks is alerted, and then you are, too.
Dark web monitoring is essential because it protects your brand from being sabotaged by malicious individuals.
Think back to the personal example I provided in the buying and selling stolen credentials section.
What if it had been my QuickBooks® login credentials rather than my personal credit card information? In one fell swoop, the buyer of my credentials would have access to my entire book of business, including their customers’ contact information and financial data.
Lastly, you can do a few things if your information is on the dark web. Your exact actions will depend on the specific information found, but it’s safe to say that practicing all of these steps for all of your accounts is a good idea:
Beyond these steps, it is your responsibility to be proactive about your data privacy and security. Invest in a security awareness training program. Install local machine security services. Begin working from cloud-hosted programs.
And always remember that at Right Networks, we offer all of these solutions to help businesses like yours stay secure.
For more security information, visit us at rightnetworks.com/cybersecurity-solutions.
Recommended for you
Subscribe to Our Blog
Join our mailing list and get all of the latest news delivered straight to your inbox.