Statista reports that there were 4.66 billion active internet users as of October 2020. While the popularity of the internet is almost near-universal, little is known about a part of it called the Dark Web The Dark Web is that part of the worldwide web that is hidden and cannot be searched through conventional search engines. There are three levels to the world wide web: the public web, the deep web, and the dark web.
Web Categories
Public Web: This is the open internet, the sites here are unencrypted and usually have low base anonymity with most sites identifying uses with their IP address.
Deep Web: This refers to the part of the internet that is not indexed by search engines. This means that you can’t search out this part of the web but need links to access it.
Dark Web: This is part of the deep web but you need special software, configuration, or authorization to access it.
The figure below shows the difference between the public, deep and dark web.
The Criminalization of the Dark Web
The Dark Web has become the center of much illegal activity on the internet due to its encrypted nature and ability the hide IP addresses, but this was not always the case. The initial aim was for dissidents in repressive countries to be able to communicate without having their identities exposed. Unfortunately, criminals latched onto the anonymous nature of the dark web and have since used it for their nefarious activities. One of such illegal activities is the trade in personal information. Criminals have become incredibly adept at monetizing stolen identities on a massive scale.
Cyber-criminals sell stolen information on black markets on the dark web either individually or in lots, and the price varies depending on how much value the buyer can get from the information. Credit card numbers are typically sold in bulk to brokers, who then sell the numbers to individual buyers. Top sellers can even give away personal records as free samples so buyers can see the quality of their wares. This chain of distribution lets cyber-thieves concentrate on stealing information without the effort of exploiting it, and it makes it harder for law enforcement to trace the theft back to the source. Below are some figures provided by privacyaffairs.com on how much personal information can be sold for on the Dark Web.
What to do If your information Turns up on the Dark Web
This unsavory situation can occur to anyone. You don’t have to do anything wrong, all it takes is for your service provider to be compromised and the data you supplied them stolen. As of the third quarter of 2020, Risked Based Security reported that there were 2,953 breaches with 36 billion records exposed.
The steps you should take when informed that your data is on the dark web should depend on the type of information that was exposed. Below are the various types of personal information and the steps you should take when informed about exposure or potential exposure.
A) Email and Password
I. Change passwords – Once you’ve been notified of a breach, the first thing to do is to change the password associated with that account. An easy way to generate a good strong password is to use a password manager. You don’t have to remember the password. They are generated and stored by the manager. This is both convenient and secure.
ii Implement 2-factor authentication on email account – As another proactive measure for safeguarding your account, you might consider setting up a 2-factor authentication for your email account. How does this work? This ensures that when you’re signing in on a new device, an extra confirmation is required to successfully grant you access. The 2nd-factor authentication may be linked to your phone number. This implies that when you attempt to sign in, you will receive a text on your phone bearing some random numbers. These numbers are referred to as OTP (One Time Password) which is subject to expiration if not used within a given period. Similarly, you may install an authenticator application on your device which serves the same purpose. You will have to generate an OTP on the app before gaining access.
Iii. Use an Email and Password Monitoring service – Not all data theft or exposures are reported, hence it is imperative to use a service that will notify you if your email or password were involved in a breach. These are paid services that can notify you via email or some means. Alternatively, you can use free services like haveibeenpwned.com to manually check if your email or password has been involved in a breach or is on the dark web.
B) Debit or Credit Card Details
I.Cancel cards – Immediately you’re informed of any exposure concerning your cards, you should cancel them. This can be done via your bank mobile app, shortcode, or calling customer service.
II.Order a temporary freeze – Ask the bank to temporarily freeze the account the card is connected to while you monitor it for suspicious transactions
III. Use a Prepaid Virtual Card – As a proactive measure, you should consider acquiring a virtual card for all your online transactions. You can only fund the card with the value required for the transaction you need to do. The advantage of the virtual card is that if the details are exposed online your risk is minimal and cannot exceed the amount on the virtual card. This means that you don’t get to submit details to your savings or current account ATM cards indiscriminately online.
C.Date of Birth, Phone Number, BVN
If you’ve been notified or received credible information that your Date of Birth, Phone Number, or BVN has been exposed on the dark web, then you should take the following steps
I.Dispose of the phone number if you can. If you cannot do this then make sure you screen calls and messages received on that number. Be wary of receiving calls or SMS from numbers that are not in your contacts list.
II.Expect calls from fraudsters trying to use details such as your BVN and Date of Birth to impersonate a trusted entity such as your bank. Immediately hang up on any caller referencing such details and delete messages doing the same.
Contributors: Offor Chubuike Gabriel, Teslimat Adedamola Okanlawon, Oluwabunmi Adeyemo.
One Response
Very educative. Thank you very much.