Credit union members must stay alert to scammers' latest attempts to access personal financial...
Surface, Deep, and Dark Web Explained
You have probably heard people talk about the mysterious “Dark Web” where criminals gather to commit fraudulent acts that result in financial fraud, identity theft and more. But most people don’t really understand what the Dark Web is or how it works. Let’s start with a few facts about the Internet itself.
The Internet, sometimes called the “Web,” is a worldwide system of computer networks woven together into a "network of networks" in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). What most people don’t know is that the internet is actually made up of multiple layers, commonly referred to as the Surface Web, the Deep Web and the Dark Web. These layers are defined by who is using the
Internet and how these individuals gain and share access with others. It's important to understand why these areas of the Web exist and why protecting your personal data is so critical.
The Surface Web
This is the part of the Web where we all play and interact. Think of all the information you can search and find - all social media,
all websites available to you - and this is the Surface Web. The shocking thing about the Surface Web is that it makes up only about 1% of the information contained on the internet. What defines the Surface Web is the ability for information to be found (indexed) by search engines such as Google, Bing, and Yahoo so it can easily be made available to users. If you were to picture an iceberg, the surface web would be the tiny part that appears above water; easily visible but misleading because there is a much larger, more dangerous portion hidden from sight underneath the surface.
The Deep Web
The remainder of the Internet that is below the surface of this imaginary iceberg is called the Deep Web. Quite simply this area of the Internet is made up of information that cannot be indexed by search engines and often requires a username and password to access. When you login to your online banking, make purchases with stored payment information, or access your company’s intranet, you are interacting on the deep web.
The Dark Web
The Dark Web is a subset that makes up about 5% of the Deep Web. It is a place where criminals and law enforcement work anonymously, to quite different ends. The Dark Web is only accessible through a specific search engine, and the main difference is that computers using this search engine are disguised and users can interact without risk of being identified or exposed. Imagine a place where criminals can correspond without compromising themselves or their sources, and terrorists can plot with one another without revealing their location? It is also a place where cultural and political dissidents can get information that their home country might be suppressing. This is the Dark Web, full of good and bad things. The Dark Web is an unregulated environment. It is here that
hackers and cyber-thieves buy and sell your personal information that may have been obtained in a data breach or by other means. Stolen credit and debit cards, Social Security numbers, account numbers and login credentials are sold in large blocks to criminal merchants. These Dark Web merchants then package the information and offer it for sale, complete with shopping cart and payment options, to criminals around the world who will use the information to commit fraud.
What is Dark Web Monitoring?
When your personal information is lost or stolen it can end up as a cache of data on the Dark Web for sale. But here’s the good news. There are security professionals out there, pretending to be bad guys, who are able to infiltrate the criminal networks. These good guys, along with sophisticated artificial intelligence technology, can make copies of stolen data and contribute it to a very large
database of stolen credentials. The information in this database can then be compared to the credentials of consumers who have registered for Dark Web Monitoring. These good guys, pretending to be bad guys, can contribute a copy of this stolen data to a database that can be compared against consumers who have "Dark Web Monitoring". If there is a match an alert can be sent to the registered consumer to give them an early warning that the information is possibly in the hands of criminals. Immediate action can be taken, such as activating additional monitoring and changing passwords, to help avoid future fraudulent transactions. It can’t erase the risk but it can provide a head start. Imagine the difference between finding out that your car has been stolen and being in the room when the criminals are first plotting the theft.
What to Do if Your Personal Information is at Risk
Fortunately, if you are an Elevated or Enhanced account holder you are already eligible for nxg|PROTECT with Dark Web Monitoring as well as Credit Monitoring and professional Identity Theft Recovery Services. If you receive a Dark Web Monitoring alert from nxg|PROTECT, or you otherwise have reason to believe your personal information has been compromised, you can follow these
immediate steps below to help stop the damage. Also, if you feel you may be a victim of identity theft you can call an Identity Recovery Advocate who can help you understand if additional actions need to be taken or if your Advocate needs to perform steps on your behalf to help you regain control of your identity. You can learn more about your nxg|PROTECT benefits by visiting our
website at www.mscu.net/checking.
- Change your passwords. This should be a regular practice but it is immediately needed if you have received a Dark Web Monitoring alert or you have received a data breach notice that your email address and/or your website login information (username and password) for a particular website may have been compromised in a data breach. Also remember if you have used that same combination of username and password on any other websites or logins you should change those as well.
- Monitor your banking transactions, credit report, and postal mail. Looking at your banking transactions regularly can help prevent fraudulent transactions from getting out of hand. If you spot a suspicious transaction we can help you take immediate action to prevent further damage to your bank account or credit card balance. However, remember that criminals may open new credit or bank accounts in your name at an unknown credit issuer or financial institution. Review your credit report at least quarterly and watch for suspicious mail that might indicates this type of activity.
- Activate Credit Monitoring and Dark Web Monitoring. If you are an Enhanced or Elevated primary account holder you have access to no-cost Credit Monitoring and Dark Web Monitoring. These services will give you further visibility into fraudulent transactions that may occur outside of our financial institution. However, for privacy reasons we cannot start monitoring for you. You must go online to activate your free monitoring if you have not already done so. If you do not have the information that is needed to take advantage of these account benefits please contact your local Mutual Security Credit Union branch or contact us. Data breach and identity theft are on the rise. It pays to be vigilant.