Blog

What is the dark web? (5 facts)

What is the dark web? Find out about this intricate, mostly nefarious subset of the internet. Then, learn what to do to protect yourself.

minute read

Last Updated November 6, 2024

Category Cybersecurity

Share

The dark web. What is it?

The deep, dark web—what is it? Who uses it…and why? How does information end up there? And what should you do if someone finds your information there?

In this post, I’ll be diving into all the above. Let’s jump straight in.

Fact No. 1: The deep web and dark web are two different things

First off: Let’s set the record straight. The deep web and the dark web are two different things.

The internet is comprised of these three different “sections”: surface web, deep web and dark web.

The surface web is what is searchable and indexed by sites like Google and Bing.

The deep web “refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine.” (CSO Online) It includes paywall-only content and content that requires sign-in credentials, like medical records, membership websites and confidential corporate web pages.

The deep web comprises much of the internet.

Although people don’t use the dark web exclusively for illegal purposes, it is known as the marketplace for birth dates, social security numbers and bank account numbers. And that brings us to fact number two.

Fact No. 2: The dark web is where criminals can go to buy, sell and trade stolen credentials

Let me tell you a quick story:

I’ve personally had my credit card number stolen. Years ago, before I did much (if any) online shopping, I noticed a few transactions hit my account. The transactions were all New York City-based. (I live in the middle-of-nowhere New Hampshire.) The charges were for small amounts at a well-known fast-food restaurant. (Charging small amounts to see if the legitimate owner notices is a well-known tactic. The criminal’s thought process is, “If they don’t notice these transactions, they most likely won’t notice incrementally larger amounts…and I’ll be able to use the card for longer.”)

I immediately called my bank, notified them that my credit card number had been stolen and canceled my card.

How did it happen? My credit card was still in my wallet; I didn’t have more than one copy of it. I hypothesize that my credit card information was picked up via scanner while I was in a public place, then sold on the dark web.

It’s easy enough to purchase a credit card scanner. (For this blog post, I searched “credit card scanner” and found several surface web websites selling them.) In the U.S. alone, there are “1.6 million card numbers for sale.” (pcmag.com)

Fact No. 3: It’s impossible to guarantee that your information will stay off the dark web

Unfortunately, there’s no definitive method to prevent your information from getting onto the dark web, but that doesn’t mean you can’t try.

Anyone who browses online must know how to protect themselves from the dark web.

We must protect our personal information from misuse online and ensure that our work credentials aren’t traded on the dark web.

Here are a few ways to protect your information from being leaked on the dark web:

  • Never email sensitive information: If you must share your social security, credit card or bank account number, do so in person or over the phone. And before you do, ask yourself: Do I know the individual asking? Do I trust this institution? Don’t be afraid to ask questions about the intended use. It’s YOUR information, after all.
  • Practice good password hygiene: Don’t share passwords, don’t reuse passwords and change passwords often. Get more practical password hygiene tips here.
  • Don’t visit or buy things from unsecured sites: Unsecured sites are sites without the “s” at the end of http. Always check to ensure the sites you visit contain that “s” (https:) or secure socket layer (SSL). The SSL certificate helps secure information such as login credentials, credit card transactions, bank account information and much more.
  • Use multifactor authentication: Multifactor authentication verifies your identity post-login and pre-access. This means that even if someone steals your credentials, the perpetrator wouldn’t be able to access the program they’re targeting. Instead, you would get a notification (usually via phone) that asks you if you are trying to log in. If you’re not, you click “deny” to block the intruder from entering.

Fact No. 4: You can monitor whether your information is located on the dark web

Okay, so we’ve learned that it’s near impossible to keep your information from ending up on the dark web. We also know you can take steps to protect yourself…but nothing is guaranteed.

So…what can you do?

Luckily, there are ways to determine if your information is on the dark web. Products like Right Networks’ Security Awareness Training provide a service called dark web monitoring.

Not all dark web monitoring services are created equal. Rightworks continuously scans and monitors the dark web for illicit activity involving your brand 24/7/365.

Here’s how it works. You work for XYZ Accounting Firm and use the domain @xyzcpas. One day, your email address and password appear for sale on a dark web website. Rightworks receives an alert, and then you do too.

Monitoring the dark web is essential because it protects your brand from malicious individuals who might sabotage it.

Think back to the personal example I provided in the buying and selling stolen credentials section.

What if it had been my QuickBooks® login credentials rather than my personal credit card information? In one fell swoop, the buyer of my credentials would have access to my entire book of business, including their customers’ contact information and financial data.

Learn more about dark web monitoring and security awareness training.

Fact No. 5: There are steps to take after your data is found on the dark web

Lastly, you can do a few things if your information is on the dark web. Your exact actions will depend on the specific information found, but it’s safe to say that practicing all of these steps for all of your accounts is a good idea:

  • Change your passwords.
  • Use multifactor authentication.
  • Comb through your recent debit card and credit card transactions.
  • Notify your credit/debit card provider if any transaction seems suspect (and request a new credit card).

Beyond these steps, it is your responsibility to be proactive about your data privacy and security. Invest in a security awareness training program. Install local machine security services. Begin working from cloud-hosted programs.

And always remember that Rightworks offers all of these solutions to help businesses like yours stay secure.

For more security information, visit us at rightworks.com/products/security-solutions.

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.
Privacy(Required)