Spade Technology: Blog

Is Your Information For Sale On the Dark Web?

Information For Sale On the Dark Web

Understanding what the Dark Web is and how it could be a danger to your small business is the first step towards avoiding this particular cyber threat – but what comes next? Dark web monitoring.

You know where to go to get gas. You know where to buy bread.

But what if your shopping list called for something else – what if you needed to the login info for a local small business’ system administrator account? What if you needed a half dozen Social Security numbers? What if you needed a line of credit, under a stranger’s name?

Would you know where to go shopping?

Cybercriminals do – they go to the Dark Web.

In fact, your personal information could be for sale right now, for as little as $3 per record. Do you want cybercriminals getting that good of a deal on your Social Security number, or your date of birth?

What Is The Dark Web?

The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.

They’re built on the framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of the information online. Which, when you consider how vast the corner of the Internet you frequent is, is nothing short of terrifying.

How Does Your Information Get On The Dark Web?

Cybercriminals employ a range of tactics to steal your information, and then sell it online. Before they can start advertising on the Dark Web, they have to get their hands on your info first.

A few strategies they might use include…

  • Phishing: Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” sensitive information by posing as reputable sources; often with legitimate-looking logos attached.
  • Spear Phishing: This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users.
  • Executive Whaling: The bad guys target top executives and administrators, typically to siphon off money from accounts or steal confidential data.
  • Social Engineering: LinkedIn, Facebook and other venues provide a wealth of information about organizational personnel. This can include their contact information, connections, friends, ongoing business deals and more.

Personal information such as school and medical records, bank statements, and private emails are all part of the Dark Web. To gain access to this information, you must be able to access an overlay network using specialized software and passwords. This is a good thing, because it keeps sensitive information safe, and prevents search engines from accessing and indexing it.

What Makes The Dark Web The Perfect Marketplace For Illegal Data?

The added security of the Deep Web makes it attractive for those who want their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, the owners of Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these is The Onion Browser, more commonly known as Tor.

Cybercrime costs US businesses billions of dollars each year. The majority of information hackers steal from businesses ends up on the Dark Web for sale to identity thieves and corporate spies.

But, the real danger is that it provides communication and educational training ground for hackers and would-be hackers. Although the competition among different hacking groups is fierce, there’s still a willingness among cybercriminals to share techniques and assist one another.

It’s this access to the “tools of the trade” and the guidance required to pull off successful hacks, attacks, and scams that makes the Dark Web so dangerous to your business. Anyone with the time and inclination to learn how to steal valuable data from your business can check out an online tutorial or two, pay for some basic hacking software from one of these marketplaces, and set their sights on you.

While they might not be the stories that make national headlines, small and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.

How Can Keep Your Personal Data Safe?

The first step is to make sure you use stronger passwords…

  1. Length and Complexity
    Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
  2. Numbers, Case, and Symbols
    Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
  3. Personal Information
    Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc. 

    However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.

  4. Pattern and Sequences
    Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.

Maybe you think your passwords are fine.

It’s certainly possible – but it’s one thing to skim over a list of common password mistakes and assume you’re probably still OK.

Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers – what’s the big deal, really?

If you’re so confident, then why not put it to the test?

Click here to test how secure your password is – take a few minutes and try a few.

How’d you do?

Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember.

How Can You Keep Your Business Data Safe?

  1. Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams.
    Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.
  2. Require the use of strong passwords and two-factor authorization.
    It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authorization.
  3. Consider investing in hacking insurance and conduct penetration testing.
    The cost of cybercrime will exceed 6 billion dollars by 2021. That’s a lot of money. Investing in cyber attack insurance is a good idea for businesses with a great deal of exposure.

How Much Of Your Data Is On The Dark Web Already?

Unfortunately, all these tips are meant to be preventative – they’ll increase your security and protect against cybercriminals taking your data in the first place.

But what if you’ve already experienced a breach?

It can be difficult for the average user to access the Dark Web and find the right sites to see if your info is for sale. After all, there’s no Google for that part of the Internet.

That’s why you need the right help, and the right technology to figure out if your data is for sale…

Dark Web Scanning

There’s only so much you can do on your own – but there are now more direct ways of checking whether your data has been compromised on the Dark Web. Many security vendors now offer cyber-surveillance monitoring solutions that can scan the dark web for your credentials.

Allow us to help – To celebrate Cyber Security Awareness Month, we are offering a complimentary dark web scan! You may have already seen this offer on our post card, if not there is still time to take advantage of this offer! Contact us today to receive yours.

Remember, you can’t make this go away by ignoring it. If there’s a chance your personal data could be on the Dark Web right now, you owe it to yourself to make sure it isn’t, and to take additional steps to protect your data from future theft and sale.

Put simply? You can’t afford to ignore the Dark Web.