How to Stay Safe Despite the Dark Web
When it comes to dark web security tips and protecting your identity, just assume that all your personal information is available somewhere on the web, says David Myroup, senior vice president of enterprise fraud at First Citizens.
It's an unfortunate reality given the amount of electronic data we provide nearly every day, combined with a growing number of data breaches occurring around the world. Total fraud and identity theft cases have nearly tripled over the past decade, according to the nonprofit National Council on Identity Theft Protection—rising to more than 1.4 million a year by 2022.
Dark web security tips to protect your finances
Once cybercriminals get your data, they often make it available for sale on the dark web—a portion of the internet that's not accessible from ordinary browsers. According to a recent report in the online cybersecurity magazine Dark Reading, about 6.7 billion unique sets of usernames and passwords are available on the dark web, and the overall number of username and password combinations for sale has increased by 65% since 2020.
The information scammers collect from the dark web is often incomplete, but the availability of so much of it is partly what's led to an increase in the number of scams and their effectiveness.
"It's not that all your personal information—your full name, your Social Security number, your address—is available in one spot, but there's means for the bad actors to take bits and pieces of it and create a full picture," Myroup explains. "Then they try to convince you through conversations or emails that you need to provide the balance of the information for whatever reason."
"There's no limit to the damage that can be done with this information," he adds. "It could impact your life savings or could even lead to someone taking over the deed on your mortgage."
Protect yourself with these dark web security tips
Typically, if your credit card number gets stolen, the issuing company will offer fraud protection. This means you're not responsible for the charges someone else makes. The card is canceled and you're issued a new one—an inconvenience for sure, but not severely damaging.
But with the information on the dark web, scammers have the opportunity to get into bank accounts, impact your credit score by opening false lines of credit and more.
So what can you do to protect yourself? Myroup offers five dark web security tips.
1Freeze your credit
People generally think about a credit freeze as something to do if their information has been stolen, but Myroup says doing it before you have a problem can be a preventive measure. If your credit is frozen, no one can apply for credit in your name. It's a fairly simple process of reaching out to the major credit bureaus, and it won't cost you any money or negatively impact your credit score. The downside is that if you decide to get a mortgage or a new credit card, you'll have to unfreeze your credit before you can apply.
2Embrace two-factor authentication
Many mobile apps and online sites use two-factor authentication, or 2FA, to increase security. This means when you log in, the app or site will reach out to you via another method to make sure it's you—often with a text message to a phone number you've provided. Myroup recommends using 2FA on sites where it's available.
Biometrics, such as requiring a fingerprint or facial recognition, are also taking hold and helping security. A scammer may have your login and password information for a company, but hopefully they don't also have your actual cell phone or your fingerprints.
3Designate unique emails and credit cards for online use
Myroup says having a separate email that you only use to register for online sites can help keep your primary email address safe to use for your financial institution's login. Similarly, if you have multiple credit cards, choose one to associate with online accounts with retailers, saving others for more critical transactions like paying utility bills or buying gas.
4Use caution with your bank account
It may be surprising, but one of the most dangerous ways to pay for something is by check, Myroup says. This is because checks typically have your full name and address on them, as well as the account number and routing information. He says scammers have gotten more organized about stealing mail, looking particularly for checks. Businesses may be able to talk to their financial institution about additional security measures if they write a lot of checks, but sometimes those measures aren't in place for personal accounts.
Wire transfers can be a safe way to pay for things online, but Myroup cautions people to be careful with the directions for a wire transfer. If a wire transfer is requested of you via email, call a trusted telephone number for the payee's institution to check the legitimacy of the wiring instructions before sending any cash. Make sure to validate the account ownership name for the account number provided.
5Help those who are most vulnerable
It's not just adults who can have their data compromised. Children may not yet have bank accounts, but they do have birthdays and Social Security numbers and an increasing number of them are online—especially in the tween and teen years. Kids' information is also often on paper forms, whether for school or medical use, putting them at risk for identity theft.
If you're responsible for an aging parent, you'll also need to be alert because older adults are often the top targets of scammers.
Be proactive and react swiftly
Myroup says good cyber hygiene is a smart practice. Change your passwords often, and use a password manager if you tend to forget passwords or don't know how to create strong options. Check links you receive in emails before opening them or providing sensitive information. For example, your bank will almost certainly never ask you to email your account information and will never ask you to share passwords or a one-time passcode.
Several services, including the major credit bureaus, offer to scan the dark web to see if your information is there. Myroup says there's some value in this because it may give you a general idea of how at risk you are, but it may not give you a complete picture. For example, the scan won't indicate that someone truly has access to your accounts.
Ultimately, you may not be able to prevent your information from being compromised, but being proactive can help make it harder for thieves to use compromised information to get access to your most sensitive financial information.
"Understanding what options are available to provide you the most security, and gravitating toward those options, is always the recommendation and the best practice," Myroup says.