Newsletter Content

The Dark Web and You

In last month’s edition we defined the three levels of the internet; the Surface Web, the Deep Web, and the Dark Web. We learned that criminals use this anonymous region called the Dark Web for buying and selling stolen identity information, among other things. But what does this have to do with you? Let’s follow the story of Regina to see how all of this works in the real world.

A Trip to the Mailbox

One morning, Regina took a walk to her mailbox and was surprised to find an envelope from a bank she did not recognize. Thinking it must be an advertisement she started to discard it, but something made her think twice. She opened the envelope. It was a letter from a collection agency asking for payment of a $5,210.00 balance for a credit card account she did not own. Regina’s first thought was that it must have been a mailing error and this letter must belong to someone else. She looked again and saw that the card account was in her name. Regina called the issuing bank and was told that the credit card was opened 18 months earlier using her name and Social Security number, but a different address and telephone number. The card was used for transactions, and the balance was paid on time each month for a year. After the bank granted a requested increase in the credit limit the transactions got bigger and more frequent, but payments stopped coming. It was only after the account went into the collections process that it was traced back to Regina’s postal address through her Social Security number. This was a case of identity theft.

The timeline of this fraud is more than 2 years. Let’s see what might have been going on behind the scenes, although there is no way to know for sure.

We know that the criminals applied for a new credit card using Regina’s identity information, which means they had Regina’s name, address, Social Security number, and probably her driver’s license number. Regina could have been a part of one of any number of large data breaches in the past where names, addresses, Social Security numbers, and driver’s license information were lost or stolen. [2015-Anthem Health, 37.5 million, 2018- Equifax, 147.9 million, 2019-First American Financial, 885 million] But we want to propose another possible scenario that could have led to the theft of Regina’s identity.

What Might Have Happened:

Although she was not aware of it, in April of 2019, Regina was part of a data breach incident for an online invitation website which exposed her name, address, date of birth, email address and password, along with the rest of its members. How harmless could this be? There were no account numbers or other personal information included.

Let's Take a Look:

Regina’s email address was her username on the breached website account and she used the same password as the password used for the email account itself. [65% of people reuse the same email on multiple accounts, according to a 2019 Google/Harris poll]. Last January, Regina sent tax return information to her accountant using her email account. In March, Regina sent a picture of her driver’s license by email to a utility company to set up new service, which was a workaround process due to COVID-19 restrictions.

Behind the Scenes:

Criminals were able to purchase Regina’s email account information along with her password used on the online invitation website by using one of hundreds of black market storefronts on the Dark Web. With knowledge that the majority of people reuse their passwords, the criminals were able to login to Regina’s email account and access all of her archived emails, including attachments. Now they had her tax documents which included her Social Security number and other personal information, and the picture of her driver’s license. This is all they needed to establish a credit card account. They carefully “groomed” the account for months, making purchases and timely payments. Then they asked for an increased credit limit. Once the increase was obtained the criminals went on a spending spree with the result being over $5,000 in unpaid charges. In addition to opening this credit card account, the criminals could have established bank accounts, applied for government benefits, and even hijacked Regina's 401(k) account.

The Solution:

Fortunately Regina banks with which means Regina has access to a professional Identity Theft Recovery Advocate who can help her get her life and her identity back on track. The Identity Theft Recovery Advocate can perform research to uncover other areas where fraud may have affected Regina’s accounts. The Advocate will perform all of the legwork it takes to dispute fraudulent transactions and other activity caused by the identity theft, helping Regina reverse the damage.

Add this content if you offer Dark Web and Credit Monitoring from NXG.

In addition, Regina has taken advantage of Dark Web Monitoring and Credit Monitoring offered at no cost as part of her account features of her. In the scenario described above, Regina would have been notified when her email address and password were found to be included in the data breach, possibly giving her time to change her email account password. This could have prevented the identity theft incident from occurring. If Regina had been using credit monitoring she likely would have received an alert of a new account opened using her name and Social Security number, even though the address was different. This would have allowed Regina to get the support of the Identity Theft Advocate sooner and the fraudulent account could have been closed before it caused most of the damage.

The Lesson:

Now that she better understands the risk of becoming a victim of identity theft, Regina will be more careful to NOT reuse passwords, change her passwords often, and never send personal information, such as Social Security numbers, account numbers, dates of birth, copies of government-issued IDs, and health information by email that is not encrypted. Regina will also think carefully before setting up accounts online to limit her exposure to the breach of her passwords and personal information. Regina plans to check her bank statements and her mailbox regularly to spot suspicious transactions. Add this content to the previous paragraph if you offer Dark Web and Credit Monitoring from NXG. And she will be watching for alerts from her Dark Web and Credit Monitoring services provided by so she can act quickly. Be like Regina; use the services that provides as part of your and take a stand against identity thieves.

Need More?

What's Hot?

Looking for new ways to protect your account holders? Our Dark Web Monitoring goes deeper than traditional credit monitoring. We continuously track criminal networks, black market forums, phishing networks, and exploited websites using sophisticated technology and human spies to uncover compromised sensitive information. Our service also provides easy, secure online storage of your credentials for retrieval in the event of theft of a purse or wallet, or home disaster. Ask your NXG client manager how you can add Dark Web and Social Media Monitoring to your existing offerings.

What's New?

The Next Generation in Smart Shopping - nxg|SAVE is here! By adding this feature to your checking or savings accounts, your account holders can SAVE with big discounts on shopping, dining, and travel with an optimized experience on their PC, tablet, or smartphone. How does it work? Just download the slick GPS-assisted mobile app that lets you know where the best deals are right now in your area while you are on-the-go. No need to keep up with printed coupons; you can simply display the app on your phone at checkout to make savings EASY at thousands of retailers, restaurants, hotels, and more.

What's Next?

With Covid-related scams hitting the headlines, more financial institutions are adding nxg|PROTECT Elder Care as part of their initiatives around Elder Financial Abuse. Providing access to patient, skilled professionals to research possible identity theft and remediate fraudulent transactions, this service is a must-have for protecting seniors. If your institution already provides nxg|PROTECT services to at least 80% of your total checking accounts you qualify for nxg|PROTECT Elder Care for all elders outside of the covered group at no additional cost. Don't know if your institution currently qualifies for this coverage? Reach out to your NXG client manager to review your program to either increase your coverage or add nxg|PROTECT Elder Care for a low monthly fee.