In 2019, identity theft, phishing scams and personal data loss will hit a new high.
We saw that play out over 2018 and this will only continue to grow. Facebook, Google, Marriott, etc. data breaches have affected more than 1 billion people around the globe. On top of the existing pool of already leaked data, hackers will have an heyday for tailoring a phishing scam or taking over your Facebook or Netflix account. This month, we’re highlighting a service of ours that was very popular last year, Dark Web ID.
For those of you not familiar, the Dark Web is just as bad as it sounds – it’s an area of the internet where illegal content runs rampant. When you hear about a big data breach on the news (Facebook, Google, Marriott, etc.), this is where the stolen data is sold.
Websites exist that host the ability to scam credit cards, identity theft, order illegal drugs, criminal activity, assassinations – you name it! As an IT business, luckily we’re only worrying about one thing being sold on the Dark Web –digital credentials (usernames, passwords and PII (Personal Identifiable Information (birthdate, phone number, address)).
Yes, there’s unfortunately a number of websites, software, and forums where your digital credentials are being sold for an average of $1-$18. That’s a cheap price for the devastation this can cause to your business.
Digital credentials are compromised through a handful of ways, besides your common malware attacks. Phishing emails are a very successful method, as they easily trick users into disclosing their credentials or deliver malware designed to capture these credentials. Malvertising is the use of malware-laden advertisements on legitimate websites, a fairly new concept for spreading malware that can be extremely difficult to detect – and therefore highly effective.
So, how can this employee credential loss affect your business? Here’s a handful of ways:
- Sending spam and phishing emails from your email account, to all your contacts.
- Installing malware or ransomware on compromised computers, servers and networks.
- Compromise other accounts using the same credentials. More on this later!
- Exfiltrate sensitive data – think customer records, medical records, credit card information, etc!
- Identity theft can then occur as a result of any of the above.
Passwords are a twentieth-century solution to a twenty-first century problem. Unfortunately, user names and passwords – the most common digital credentials used today – are all that stands between your employees and vital online services. These include corporate networks, social media sites, e-commerce sites, and others.
A good security practice is to use a completely different password for every service, but the fact is that nearly 40% of Americans replicate the same or very similar passwords for each service they use.
I am sure we’re all guilty of this, as keeping track of all your passwords to multiple different websites can be quite the task. Once your credentials are known, they can be tried on any website you’re known to use, or internally within your network to further access sensitive data.
To combat this, we use a solution that detects your compromised credentials in real time on the Dark Web – our I.D. Agent service. Using a proprietary technology, we vigilantly search the most secretive corners of the Internet to find compromised credentials associated with your company, contractors and other personnel. We then notify you immediately when these critical assets are compromised, before they are used for identity theft, data breaches or other crimes. Thus far, unfortunately almost 82% of the businesses we’ve scanned in Central and Southwest Montana, have had numerous digital credentials for sale. Are your company’s digital credentials currently available on the Dark Web? Call us and find out!