The Dark Web – Tips For Consumers to Protect Personal Data
The dark web is an increasing complex parallel internet known as the World Wide Web amount of content that exists on darknets, overlay networks which use the public Internet but require specific software, configurations or authorization to access to hide or display a dark variety of information, news and content most of the time non-ethical or legal.
It is a concept and reality that is affecting consumers and enterprises every day and increasingly a source of concern for users of the web as it hides scammers, criminal activity and hackers that use various forms of cyber crime for negative activities and other related forms that are affecting users and companies worldwide.
“DON’T BE COMPLACENT ABOUT PINS AND PASSWORDS”
Equifax recently released some information that is useful to companies and consumers to look how to handle security.
The recent cyber hack, hitting thousands of organisations worldwide, has brought the reliance on the internet and technology into sharp focus. Whilst the events were more about hackers holding large organisations to ransom, many individuals could be concerned about whether their personal data might be at risk as a result of the hack.
Credit information provider, Equifax, believes it’s important for consumers to understand the different layers of the web – the surface web, the deep web and the dark web – and how their personal information might be found and traded. “The better consumers understand how the internet and various new technologies work, the better armed they will be against the threat of fraud”, explained Lisa Hardstaff, identity fraud expert at Equifax. “There’s no room for complacency in this connected world.”
The surface web is any content that can be cataloged by search engines. This includes the types of websites we all use every day, which search engines like Google ‘index’ by following hyperlinks and tracking keywords.
Content in the deep web is not necessarily completely hidden or anonymous, but it cannot be indexed in the same way as the surface web. This includes content that is behind firewalls, and other types of protection, or things like a website’s internal search results.
The dark web is a section of the deep web that is deliberately hidden and cannot be accessed with regular web browsers. It was developed by the US government to allow intelligence to be shared around the world without fear of interception, by encrypting a user’s location and the information they send or receive. Inevitably a community of users grew that exploited this security for illicit means – giving rise to ‘the dark web.’
Research from Intelliagg* released in 2016 showed that the dark web is made up of around 30,000 websites, but 48% of the content could be deemed illegal. 40% of this illegal activity was categorised as ‘leaked data’ or ‘financial fraud’ – suggesting that the dark web is an important tool for criminals looking to compromise or abuse personal financial details, such as credit card numbers or bank log-in details.
Criminals on the dark web often sell packages containing people’s personal data, such as credit card numbers, including the CVV2 code and their name. Thieves steal financial details in a number of ways, including ‘phishing’ and malware, usually via emails or visiting unsafe websites, skimming card details or company data leaks.
At the heart of keeping personal data safe is the keys that unlock the information – passwords and PINs.
Equifax is, therefore, offering tips to consumers who might be worried that their identity could be at risk. “Online research** of over 2,000 people in 2016 found that more than a quarter (27%) change their online passwords less than once a year and 23% never change their passwords without being prompted” added Lisa Hardstaff. “The fact that people now have so many passwords to remember could be a reason why they don’t regularly update their passwords. But anyone concerned about the security of their financial information should think about changing their passwords and PINs.
“Choosing safe passwords has become a fixture in modern security, and as security becomes more complex so do the methods criminals will use to get past it. Criminals on the dark web often sell packages containing people’s personal data, such as credit card numbers, including the CVV2 code and their name. So understanding what makes a password strong can help keep information safe”.
“In addition to ensuring you have a strong password to reduce the risk of falling victim to identity fraud and other cybercrimes, it is also worth considering subscribing to a service like Equifax Identity Watch Pro which will alert you if your credit / debit card or personal information is found on websites used by fraudsters”.
A longer password will reduce the chances of someone guessing it or an attacker from cracking it. Websites can have different minimum length requirements for a password but aiming for between 8 and 32 characters is a good starting point.
Hackers may try to guess your passwords using clues from your identity. Avoiding passwords with your real name, username, children’s or pet’s names or any phrases related to you – like your address, birthday, school names, or company – will help make your password more secure.
Choosing different passwords for each website where you have entered details can prevent someone from using one password to access multiple accounts
Substituting numbers or symbols for letters, such as changing ‘turtledove’ to ‘turt13d0v3’, is a method well-known to hackers, and it may not be enough to prevent them from guessing your password – try some of the following best practices:
Avoid using words that can be found in a dictionary. Use a mix of upper and lower case letters, numbers, and symbols in an unpredictable order, e.g. Jan3#564@TRa1n.
Avoid company names or mimicking the username.
Avoid using more than two repeating characters, e.g. Jannnuary Yeeeear.
Keeping It Protected
There are a few ways to try to keep a password secure:Never share a password and PINs with anyone, even family. Avoid keeping your passwords written down and never store them on your web browser as this can be visible to hackers looking to steal your personal information. Using multi-factor authentication can add another level of security to your accounts as it asks for further verification of your identity before allowing access.
The extra verification may include: A piece of information only you know, such as a password or secret question and answer. A trusted device only you can access, like a mobile phone, where you’ll be told how to sign in something is difficult to fake, such as a fingerprint or retina scan.Downloading and installing anti-virus and online security software can help protect your computer from outside attacks, such as malware and viruses that could try to steal information from your computer.
When creating your password reset questions and answers, keep in mind how easy it might be to guess the answer – is the information readily available or easy to research? If so, it may be safer to choose a more difficult question.
Password managers can help keep your passwords safe and secure without the need to remember them. You can enter the passwords you use for different websites into the software, which remembers the passwords when you sign in – you’ll normally only have to remember one master password for the password manager. Different password managers work in different ways and can offer a variety of services:Some act as plugins or extensions for your browser. They can save entered passwords and re-enter them when you visit the site again.
They can also save and enter other information on the websites, such as your name, address, or phone number. Many password managers can detect when you change a password, and may either ask if they should update their database, or do it automatically
Password managers can also come with a built-in password generator. This creates and stores a secure password, so you won’t have to remember a complicated series of numbers and letters.
Some may be able to synchronise with accounts on other devices, such as your PC or Mac, phone, or tablet, and manage application passwords as well as web pages. Like any digital software, password managers can also be a target for fraudsters, so it’s important to look for well-known applications with established reputations – services that you pay for can usually be more secure than free applications. It’s important to research any product before downloading. It is also essential that the master password for the manager is a very secure one.
Equifax Identity Watch Pro includes WebDetect, which alerts individuals if their financial details are shared on websites used by fraudsters. Subscribers also get alerts within 24 hours of significant changes to their credit report, allowing them to act quickly to cancel cards and accounts before any serious damage is done. And with unlimited access to their latest credit report online, consumers can stay one step ahead of the criminals. The service costs £9.95 per month.