How do you know if you’ve been caught in the Dark Web?

A recently popular term, the Dark Web is just as bad as it sounds – it’s an area of the internet where illegal content runs rampant.  (In fact, you may have heard about it from TV commercials from Experian selling the personal scanning use since the Equifax breach).

Websites exist that host the ability to scam credit cards, identity theft, order illegal drugs, criminal activity, assassinations – you name it! As an IT business, luckily we’re only worrying about one thing being sold on the Dark Web – digital credentials (usernames and passwords).

Yes, there’s unfortunately a number of websites, software, and forums where your digital credentials are being sold for an average of $1-$18. That’s a cheap price for the devastation this can cause to your business.

Digital credentials are compromised through a handful of ways, besides your common malware attacks. Phishing emails are a very successful method, as they easily trick users into disclosing their credentials or deliver malware designed to capture these credentials. Malvertising is the use of malware-laden advertisements on legitimate websites, a fairly new concept for spreading malware that can be extremely difficult to detect – and therefore highly effective.

So, what can an attacker do with your compromised credentials? Here are a few examples:

  • – Exfiltrate sensitive data – think customer records, medical records, credit card information, etc!
  • – Sending spam and phishing emails from your email account, to all your contacts.
  • – Installing malware or ransomware on compromised computers, servers and networks.
  • – Compromise other accounts using the same credentials. More on this later!
  • – Identity theft can then occur as a result of any of the above.

Passwords are a twentieth-century solution to a twenty-first century problem. Unfortunately, user names and passwords – the most common digital credentials used today – are all that stands between your employees and vital online services. These include corporate networks, social media sites, e-commerce sites and others.

A good security practice is to use a completely different password for every service, but the fact is that nearly 40% of Americans replicate the same or very similar passwords for each service they use. I am sure we’re all guilty of this, as keeping track of all your passwords to multiple different websites can be quite the task. Once your credentials are known, they can be tried on any website you’re known to use, or internally within your network to further access sensitive data.

To start the year we’re formally announcing our I.D. Agent service. We’re using the industry’s first solution to detect your compromised credentials in real time on the Dark Web. Using a proprietary technology, we vigilantly search the most secretive corners of the Internet to find compromised credentials associated with your company, contractors and other personnel. We then notify you immediately when these critical assets are compromised, before they are used for identity theft, data breaches or other crimes. Thus far, unfortunately, almost 70% of the businesses we’ve scanned in Central and Southwest Montana, have had numerous digital credentials for sale – scary, we know!

 Click on to learn more and talk to us today about our I.D. Agent service!