SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Dark web monitoring and how it can help protect online identities

Identity theft is often seen as something that happens to ‘other people', but it's more common than many may realise. As many as 1 in 6 New Zealanders have been a victim of identity theft, and the consequences can be disastrous - and it may lead to more than just financial loss.

The following provides an introduction to the dark web, how personal information may be compromised and sold, and how to help protect against it.

What is the dark web? 

When most people go online, they only ever stay on the ‘surface web', and most people don't know that it's just the tip of the internet iceberg. Below the public surface web lies the ‘deep web', which is usually protected by passwords, and stores information like medical records, a company's private database, health insurance portals, and other classified information.

Further down, there is the ‘dark web', a heavily encrypted and anonymous playground, the home of cybercriminals.

It is where stolen data and personal details are traded, sold and used for financial, political, or personal gain. And if personal information ends up on the dark web – for instance, after a data breach – an identity thief could gain access to it.

When internet users interact with companies online, they may be sharing personal information with them – such as their email address, date of birth, driving licence number, credit card and passport details, home address, and full name.

Cybercriminals will often attack companies to steal valuable personal information. Most often, they manage to do this by taking advantage of unsecure networks to gain access to information. After a breach, cybercriminals can steal personal data and sell it illegally on the dark web.

Criminals might then use sensitive information to buy flat-screen TVs and computers with credit card data, take out loans or open new credit cards with stolen names and passport numbers, or transfer money from bank accounts.

What is dark web monitoring?

Dark web monitoring is a service offered by companies to continually search the dark web for personal information. Using AI and human technology, they comb through large databases of stolen usernames, passwords, bank account info, and credit card numbers for sale.

The dark web monitor will then instantly notify users if they find their personal information on the dark web. Even though they can't remove this personal information from the dark web, users can instantly take action to help protect against identity theft, like changing passwords and cancelling credit cards.

Here is the personal information that thieves commonly access and sell on the dark web:

  • Credit card and debit card account numbers
  • Log-in information for payment services such as PayPal
  • Driver's licenses
  • Medical records
  • Passports
  • Fake diplomas
  • Phone numbers
  • Log-in information for subscription services

What to do if personal information is detected on the dark web Change passwords

Security experts recommend changing passwords as soon as personal information has been exposed. It's recommended to never use the same passwords on multiple sites and to make sure new passwords are complex and difficult to guess.

Notify financial service providers

If a scan finds that credit card or bank account numbers have been exposed, its best to call financial service companies. Cancelling affected cards and ordering new ones may be necessary to keep financial information safe.

Cyber-attacks are constantly evolving and becoming increasingly sophisticated. The dark web adds another dimension to the online threats impacting New Zealanders. That's why it is important for customers to find reputable cybersecurity software to consistently monitor the dark web to protect them against identity theft.

Follow us on: