5 Ways Your Personal Information May End Up On The Dark Web
As technology advances, cybersecurity has never been more important. Each new device we connect to the internet further opens the door for cyberattacks and leaks of our personal information onto the dark web. But what is this part of the internet?
You can think of the dark web as the deepest part of the internet. You can't easily access the dark web through a conventional browser, like Google Chrome or Apple's Safari. Instead, you need special software, which both grants you access and tries to make you anonymous as you surf. The dark web's seeming anonymity has attracted a lot of illegal activity over the years, where hackers run dark web marketplaces worth billions selling drugs, malware, and other people's personal information.
The illegal trade of people's private information is enormous, too. In 2017, Pew Research found that nearly two-thirds of Americans had experienced some form of data breach, and that was before Equifax announced a shocking security breach that was even worse, compromising the private records of more than 147 million people. There are some ways you can prevent the spread of your information, such as by hiring a personal information security company. There's even a hidden Google feature that will scan the dark web for your email address so you can know when it's out there.
One way to protect your personal information from leaking is to understand how it may end up on the dark web in the first place. Here are some ways that can happen, and what you can do to protect yourself.
Spot social media leaks
Social media is a massive hub for information, whether you're staying informed on the news, interacting with friends, or sharing memes. However, if you aren't careful, you could be a sitting duck for cybercriminals. On sites like Facebook, many people aren't aware of the privacy settings they need to change. As a result, people often publicly post private information like their full name, birth date, and sometimes even their phone number or home address. A quick scroll through your feeds can also reveal your interests, pet names, friends, and family. All of this data could be used by criminals to answer security questions as they attempt to hack into your accounts.
Another risk is social media impersonations, a digital identity theft tactic commonly used by cybercriminals. Scammers create profiles using someone else's name and pictures and contact those people's friends on social media. The goal is often to ask those friends for information, money, or anything else they could benefit from at someone else's expense. The Federal Bureau of Investigation (FBI) estimated last year that this form of identity theft has caused a loss of over $5 billion worldwide.
The easiest way to avoid leaking information is to be vigilant. Be wary of accounts sending messages that sound unnatural. Avoid posting publicly. Vet friend requests from strangers before accepting them. And try not to click on random links people share, as they can lead to sketchy websites.
Stop data breaches
Data breaches are arguably the number one reason your personal information may end up on the dark web. Chances are that your information has already leaked online because of a significant data breach.
Data breaches occur when hackers launch a cyberattack on a server, releasing many individuals' private information to areas like the dark web. Credit card information, bank details, social security numbers, and medical history are all technically at risk of leaking to the dark web if criminals decide to attack specific data centers. Data breaches can happen in many ways, ranging from advanced cyberattacks to simple trickery that convinces an everyday employee to give hackers access.
Some precautions you can take include always enabling two-factor authentication, as well as making sure to delete old unused accounts. In Europe, the General Data Protection Regulation (GDPR) requires companies to report a data breach when they learn about it. Companies in other parts of the world sometimes share that information too, like recently when AT&T reset millions of user passcodes after a data breach impacting more than 70 million people. Still, these attacks can sometimes go unnoticed, or unreported, for months or even years.
Understand malware
One of the risks of clicking on a sketchy link is that it can infect your device with malware, or malicious software. These insidious apps, which often work quietly in the background of your computer, can take control of your browser, steal information, and possibly spread like a virus to other devices on your network.
One common form of malware is called ransomware, which locks down your device and demands you pay a ransom to hackers before they send you a passcode to get back in. Even if you pay the hackers, though, it's important to remember they are criminals and may decide not to send you the unlock key. The FBI recommends not to pay in response to a ransomware attack.
Another type of malware is called spyware, which allows someone to spy on your device by taking screenshots of your activity, tracking your keystrokes, or even remotely turning on your computer's microphone and camera. All the details the hacker gathers can be used to steal your personal information and compromise your work.
To stay protected, it's best to understand that the most common ways malware is spread is through phishing emails, fraudulent websites, and fake apps. Staying informed and on guard is the best way to protect yourself, your devices, and your personal information from malware.
Be on guard for phishing attacks
As you've likely realized by now, there are different types of cyberattacks and many ways to protect from them. Phishing is one of the most common attacks. Like social media impersonations, phishing attacks attempt to persuade someone to reveal personal information like passwords and credit card numbers. If you fall victim to it, that information will likely end up used by hackers or sold on the dark web.
Phishing usually occurs when cybercriminals send a message by email, social media or text (called smishing ) with malicious links or attachments. Once the victim clicks the link, it redirects them to a fake website or installs malware on the device. Either way, they can download your personal information and subsequently do anything they want with the data. If you're worried about the validity of a website, particularly if you're buying something, here are some helpful tips to determine if you're on a scam website before pressing "Add to Cart."
While 35% of all ransomware attacks are delivered through email, it can happen practically anywhere. One popular scam is during tax season, where spam callers pretend to be the Internal Revenue Service (IRS) to find victims. And if you run across a random pop-up ad promising a free iPhone or Amazon gift card, it's likely a phishing scam.
Fight digital identity theft
Looking at all the numbers and the data, digital identity theft can seem like an inevitability. Given the sheer volume of information online, digital identity theft makes its offline counterpart seem like a walk in the park. Part of that is because of how detailed the information floating online about us can be. Once a hacker has enough to begin stealing your identity, nothing seems safe.
Phishing, data breaches, and spyware aren't the only ways cybercriminals perform digital identity theft. They can try multiple combinations of usernames and passwords, brute-forcing their way into your accounts, too. They can collect information from social media to impersonate you while contacting customer support representatives from the services you use. Some criminals even hijack your email and copy or redirect confidential messages to themselves.
The easiest way you can start protecting yourself from digital identity theft is by using strong, unique passwords on every website you go to. If that seems daunting, maybe it's a sign of why you need to start using a password manager.
Strong passwords, combined with frequently monitoring your bank and credit card accounts, and never clicking suspicious links, may not stop cybercriminals from causing chaos, but it goes a long way toward slowing them down.