You’ve heard of the “dark web” and wondered how it affects businesses (including small businesses).This was one of the topics discussed at a Federal Trade Commission meeting earlier this year identity theft. Recent headlines about high-profile data breaches have given added urgency to the discussion. So why is the dark web important to your company? Unfortunately, when a business suffers a breach, the dark web is often the next stop after sensitive data has been stolen.
What is the dark web?
This term describes areas of the Internet that are not indexed by traditional search engines. While not every site on the dark web is involved in criminal activity, the dark web is where sites that illegally sell consumer data and other black market goods tend to gather. For identity thieves, the dark web is a sophisticated marketplace that provides one-stop shopping for the tools to commit cybercrimes—whether it’s malware kits, stolen account information, or tools that help them profit from their crimes. “Place” or “Cash-out” services.
What is the connection between the dark web and typical high street or online businesses that suffer breaches?
In many cases, data stolen from businesses ends up on the dark web, where criminals buy and sell it to commit fraud, obtain false identity documents or fund their criminal organizations. At our recent identity theft conference, speakers described the big-box shopping experience that some websites offer fraudsters and the steps darknet profile providers take to keep their customers happy. For example, a website that specializes in stolen credit cards may allow identity thieves to place custom orders for the information they want to purchase, such as card type, issuing bank, city and state, and even zip code. According to the conference presenter, the price of stolen cards ranges from $15 to $50, with platinum and newer cards costing more. Some of these sites even engage in shady forms of “customer service”, offering support features and refund policies.
The dark web offers more than just stolen credit cards. Identity thieves may also obtain stolen bank accounts, health records, credentials and forged documents. They can even purchase entire wallets that include credit cards, driver’s licenses, and documents like Social Security numbers and birth certificates—everything a criminal needs to create a new identity.
How do identity thieves use stolen information?
The harm done by data criminals is limited only by the ingenuity of their malicious intent. “Classic” identity fraud typically involves using stolen information to obtain credit from a financial institution, including mortgages and other loans, or to apply for tax refunds or other government benefits owed to others. Then there’s the three-way e-commerce scam. That’s where identity thieves advertise high-end items for half price. When an unsuspecting consumer takes the bait, the scammer uses a stolen credit card to purchase the item from the retailer and then ships it directly to the consumer. The scammer then collects the purchase price from the consumer, making a substantial profit.
With all this information, identity thieves can also create synthetic identities. A Comprehensive status Is a combination of real and fictitious information (for example, a real Social Security number and a false name) used to create an identity used to defraud a financial institution, government agency, or individual. These new identities often contain a subset of real personal information, making them harder for victims to discover and crack. An estimated 50 percent of synthetic identities use a child’s Social Security number, according to one conference presenter.
How do identity thieves exploit stolen credentials?
Criminals have figured out how to make money not just from obviously valuable data like credit card or Social Security numbers, but also from stolen credentials like usernames and passwords. To profit from this data, scammers exploit the services of another darknet denizen – Account Checker. How does this work? Suppose hackers are able to steal usernames and passwords from websites that don’t allow them direct access to consumers’ financial accounts. Using brute force tools, the account checker uses the same username and password to attempt to access other sites where there is a greater likelihood of financial gain. They rely on the fact that despite recommendations that we should mix things up when it comes to usernames and passwords, people are known to repeat their favorite content online. It is estimated that at least 20 websites provide account checking services for more than 80 well-known enterprises (including e-commerce enterprises and brick-and-mortar enterprises).This proves that identity thieves are targeting all Consumer data—not just financial data—because they’ve learned how to turn seemingly innocuous information into cold, criminal cash.
How does the dark web affect small businesses?
With so much media focus on data breaches from companies that hold the personal information of millions of consumers, some small businesses and organizations may think cybercriminals won’t target them. They are wrong. First, the reality is that cybercriminals don’t always target specific businesses. They often use automated tools to identify vulnerabilities in any system, including small businesses. Second, as speakers pointed out at our conference, information sold on the dark web is up to 20 times more likely to come from entities that fail to report the breach in the media. Many of these are small retailers, restaurant chains, medical facilities, school districts, and more. In fact, most breaches investigated by the U.S. Secret Service involve small businesses.
There’s another way data breaches harm us all. Identity theft and fraud have become the preferred method of financing criminal activity in the United States and around the world. Experts attending our conference discussed how they are used to fund criminal organizations, drug and human trafficking, illegal weapons sales, revenge porn, extortion, state-sponsored hacking, and even murder-for-hire.
All of this data is linked to a real person (your customer) whose life could be adversely affected. Turning their financial affairs into a knotty knot is just the beginning. Some people have had their licenses revoked, been pulled over and arrested, or had criminal warrants issued in their own names for identity theft. Even their health may be at risk when their information is used to commit medical identity theft. It is understood that criminals will use stolen information to obtain medical services or prescription drugs in someone else’s name. When an identity theft victim’s medical records are mixed with the perpetrator’s health information, the consequences can be catastrophic.
What steps can your business take to reduce the risk of information you collect entering the dark web?
it Start with safety And continue to fulfill your commitments and stick to them.Federal Trade Commission‘The Data Security page provides resources for businesses of any size and industry. If your customers, employees or friends have been victims of identity theft, encourage them to report it and obtain a customized recovery plan at IdentityTheft.gov.
