Dangers of the Dark Web
A Criminal's Perspective
Over the last two months, we've taken a deep dive into the dangers of the Dark Web. In order to keep your account holders informed of it's dangers, we continue our series this month by shedding light on the Dark Web from the perspective of the criminals that benefit from this underworld.
It's important that your account holders understand how easy it is to transact in the Dark Web, how accessible stolen information is, and how quickly stolen personal information changes "hands".
Understanding these realities will help your account holders value the protection and recovery benefits available to them and can also serve as an important reminder to activate their benefits, when applicable. If you do not choose to use this series for your consumer communications, we highly encourage you to circulate this three-part series to your employees for their further education. The more employees understand why data breach occurs the more careful they will be when handling personal information of your account holders.
The month of October is Cybersecurity Awareness Month, sponsored by the National Cybersecurity Alliance. We welcome you to join this movement in October to bring awareness to the increasing dangers of cyber theft and will be utilizing their theme "Do Your Part #BeCyberSmart". Feel free to access the free marketing materials provided in this link to join the movement.
The Dark Web - A Gateway to Criminal Activity
Over the last few months, we've taken a deep dive into the dangers of the Dark Web. We continue our series this month by shedding light on how transactions happen in the Dark Web and the criminal enterprise that exists in this mysterious, hidden place. Why is this important? The more you understand about how criminal activity works, the better prepared you will be to protect yourself and your family from this growing threat.
It's Accessible Across the Globe
While the Dark Web is intentionally cloaked in anonymity making it mysterious to the outside observer, it actually operates much like the Surface Web where we interact every day. However, the web browsers you are accustomed to, such as Chrome, Firefox, Internet Explorer and Safari, will not access a search result from this side of the web. Dark Web sites are found through a single unique browser that is used worldwide, known as Tor.
Not every person who uses Tor to access the Dark Web is a criminal. In fact, the anonymity provided by the Dark Web is also useful worldwide for law enforcement to obtain key pieces of data from informants, security professionals who need to stay abreast of criminal tactics, and journalists in countries that are hostile to free speech to communicate free of fear of retribution. In fact, Tor was originally created for this latter purpose as an anonymous communications channel for free speech. It works by routing your request for a web page through a series of proxy servers operated by thousands of volunteers around the globe, masking the source of your internet request, making it unidentifiable and untraceable. It can be slow and unreliable but this method achieves the goal of anonymous web browsing.
Unfortunately, over the years the Dark Web has been taken over by those intent on committing fraud and scams for financial gain so that now the majority of activity is conducted by cyberthieves and other criminals. Today, exploring the Dark Web is like walking alone at night through a dark alley in an unfamiliar city without a map. DON’T try this yourself. Leave this work to professional cyber-investigators.
It's a place to sell stolen data to other criminals.
The basic principle of supply and demand applies to criminals on the Dark Web, just like it applies to merchants on your local town square. For criminal Dark Web merchants the "supply" is personal information, such as names and addresses in combination with social security numbers, account numbers, drivers license numbers, email addresses, user names, passwords and other personal information. This supply of stolen personal information largely comes from data breaches, such as the ones you have heard of like Marriott, Target, LinkedIn, and Equifax, although there are hundreds more each year that don't make the news. These data breaches typically occur from a cyber attack on the company’s systems or an internal employee who steals data.
Criminals offer to sell the stolen data to Dark Web merchants in pre-packaged bundles designated by the date of the theft, which is referred to in this black market trade as the "freshness date". In the criminal lingo these bundles are called “dumps”. Criminals will even sell stolen credit card data sorted by bank identification number or “BIN”, which identifies which bank issued the cards. Read on to find out why.
It's an online storefront for buyers.
The “demand” on the Dark Web comes from another type of criminal that buys stolen data from Dark Web merchants for the purpose of committing fraudulent financial transactions or other forms of identity theft. These online storefronts are very similar to any other e-retailer with a menu of goods for sale, a shopping cart, satisfaction ratings, and discussion forums.
Most of these storefronts are operated in foreign countries, outside of the reach of U.S. law enforcement, and have clever names and graphics to appeal to U.S buyers. One such example is “McDumpals” which features a Ronald McDonald-like character under golden arches, “Mr. BIN” which features a cartoon character that looks like the popular lead actor in the movie “Mr. Bean”, or “Uncle Sam’s Dumps wants YOU!” with the familiar Uncle Sam face, complete with a stovepipe hat in red, white and blue, beckoning criminals to “Buy American”. Some even offer Black Friday sales, BOGO offers (buy one, get one), and money-back guarantees.
The criminal who shops on the Dark Web can browse the "product" selection and, as an example, buy stolen credit card information based on the zip code of the rightful owner or by the BIN of the bank who issued the card. The criminal can limit his fraudulent purchases to a local zip code so it does not arouse suspicion. Or the criminal can buy and use stolen cards issued by a particular bank that does not have a habit of replacing cards after a large data breach.
The cost of stolen data is surprisingly low and the pricing can vary each day, just like the stock market. In fact there are several "Dark Web Price Index" websites that track changing costs for stolen data on the Dark Web. As an example, a stolen Social Security number can cost as little as $1.00 and a full range of forged personal documents that can be used to commit impersonation and fraud can sell for only $1,500.
It’s a place you don’t want to be!
As we mentioned above, we strongly suggest that you don’t try to visit the Dark Web on your own unless you are a cyber-investigator or a law enforcement professional. While browsing may be anonymous, when you click on a site operated by thieves it may be set up to track your steps all the way back to your internet address. In addition, law enforcement has had some success in hindering Dark Web thieves by laying traps for would-be buyers, which has led to arrests. We are working hard to keep you and your identity safe. Realizing that your internet browsing habits may have consequences is a first step to internet safety.
But what happens if your identity information ends up on the Dark Web through no fault of your own? That’s where we come in.
[Use this paragraph if you have Dark Web Monitoring through NXG]
As part of our [EMBEDDED ACCOUNT] group you have access to Dark Web Monitoring that will alert you if your personal information is found on suspicious sites, forums, blogs and more in the Dark Web. In addition, you have access to a professional Identity Recovery Advocate who can help you understand what the alert means to you, provide recommendations to mitigate the risk, and help you overcome any type of identity theft should it occur, regardless of the cause. The world is a scary place right now, full of unknowns. We are standing ready to help you protect your identity with the same care that we take every day to meet your banking needs. [Suggest ending with your financial institution’s tagline, if it fits here]
[Use this paragraph if you do NOT have Dark Web Monitoring through NXG]
As part of our [EMBEDDED ACCOUNT] group, you have access to a professional Identity Recovery Advocate who can help you overcome any type of identity theft should it occur, regardless of the cause. The world is a scary place right now, full of unknowns. We are standing ready to help you to protect your identity with the same care that we take every day to meet your banking needs. [Suggest ending with your financial institution’s tagline, if it fits here]
Social Media Content
Personal empowerment is an important part of any identity theft protection efforts. Make sure your account holders know the steps they can take to protect themselves.
Post #1 - Your email address and password can be the key that unlocks your identity. If it ends up for sale on the Dark Web we can help. Our <EMBEDDED_ACCOUNT> offers proactive. monitoring and professional fraud remediation to help you if identity theft strikes. #takecontrol #yourprotectionpartner
Post #2 - Thieves purchase stolen personal info on the Dark Web as easily as you buy a new pair of shoes. Our <EMBEDDED_ACCOUNT> provides access to professional Identity Recovery Advocates to help if you are a victim of identity fraud. Visit <YOUR WEB ADDRESS> to find out more. #darkwebdangers #takecontrol #yourprotectionpartner
Post #3 - According to the Federal Reserve your social security number can be sold on the Dark Web for as little as one dollar! Protect yourself and your loved ones with <EMBEDDED_ACCOUNT>. Call us today to find out how. #darkwebdangers #takecontrol #yourprotectionpartner
Post #4 - Criminals are at work 24/7 on the Dark Web to steal your data. With <EMBEDDED_ACCOUNT> you have security professionals around the clock trying to protect it. Call us today to find out more, #darkwebmonitoring #takecontrol#yourprotectionpartner
Looking for new ways to protect your account holders? Our Dark Web Monitoring goes deeper than traditional credit monitoring. We continuously track criminal networks, black market forums, phishing networks, and exploited websites using sophisticated technology and human spies to uncover compromised sensitive information. Our service also provides easy, secure online storage of your credentials for retrieval in the event of theft of a purse or wallet, or home disaster. Ask your NXG client manager how you can add Dark Web and Social Media Monitoring to your existing offerings.
The Next Generation in Smart Shopping - nxg|SAVE is here! By adding this feature to your checking or savings accounts, your account holders can SAVE with big discounts on shopping, dining, and travel with an optimized experience on their PC, tablet, or smartphone. How does it work? Just download the slick GPS-assisted mobile app that lets you know where the best deals are right now in your area while you are on-the-go. No need to keep up with printed coupons; you can simply display the app on your phone at checkout to make savings EASY at thousands of retailers, restaurants, hotels, and more.
With Covid-related scams hitting the headlines, more financial institutions are adding nxg|PROTECT Elder Care as part of their initiatives around Elder Financial Abuse. Providing access to patient, skilled professionals to research possible identity theft and remediate fraudulent transactions, this service is a must-have for protecting seniors. If your institution already provides nxg|PROTECT services to at least 80% of your total checking accounts you qualify for nxg|PROTECT Elder Care for all elders outside of the covered group at no additional cost. Don't know if your institution currently qualifies for this coverage? Reach out to your NXG client manager to review your program to either increase your coverage or add nxg|PROTECT Elder Care for a low monthly fee.