IT assessment, planning, execution, monitoring and preventative maintenance LEARN MORE

Dark Web Scans: Are They Worth it?

Dark Web Scans

Should you do a dark web scan for your business or personal information?  Many of companies promote dark web scans online or on TV.  For instance, Experian offers a free scan when you set up an account with them.1

Supposedly, dark web scans discover whether or not someone hacked your personal and financial information.  Often, you’ll find this info on the “hidden” web where criminals try to sell it.

In this article, we explore whether or not you should do a dark web scan.

What is the Dark Web?

Besides the Surface web which everyone explores, there exists a hidden web with sites called the “Deep Web.”

The Dark Web refers to the part of the Deep Web where criminals have illegal sites and conduct illegal activities, like selling stolen Social Security numbers or drugs.  Also, you need special software, like one called Tor, to access this web.

Dark Web Scans

Dark Web Scans: Are They Worth it?

To answer this question, we’ll compare the regular web with the Deep web.  The regular web, which we can see, is really small compared to the Deep web.  It can thought of as the surface of the ocean, while the Deep web constitutes the rest.

Dark Web

Also, you can search the Surface web using search engines like Google, Bing or DuckDuckGo.  On the other hand, one cannot search the Deep Web.2

Because of its large size and unsearchable neature, we don’t recommend doing a Dark web scan.   It’s like looking for a needle in a hay stack.  Also, criminals use a lot of tools on the Dark web to hide their identity.  Until they thoroughly screen other parties and collect payment, they do not make sensitive personal and financial information available .3

Nothing is Free!

Therefore, we suggest that you don’t try any of the free dark scans the Experian Credit Agency and others offer.  They advertise free scans to try to get users to sign up for their paid monthly services.

Experian offers a free dark web scan to see if someone hacked your email address and password.  We believe they don’t do a real dark web scan, but just looking at publicly available data dumps.  If you sign up for their monthly plan, Experian offers to do a search based on your Social Security number, bank account numbers and other information.  Therefore, Experian uses the initial free scan to entice you to sign up for their monthly subscription service.4

How Can I Tell if my Info has Been Hacked?

Instead of requesting a dark web scan, you can use some free tools to see if your sensitive information has been exposed.  For instance, at one website (https://haveibeenpwned.com/), you can check if someone hacked your info.  Also, you can set up an account to receive alerts in case someone hacks one of your accounts.

Hack Check

Also, BreachAlarm represents a good alternative to the “Have I been Pawned” website and offers many of the same services and features. A website called DeHashed differs some from these other two.  Besides checking on email address hackings, DeHashed searches for hacks related to your name, password and other info.5

How Can I Protect Myself and My Business?

You should operate under the assumption that a hacker compromised your login credentials at some point.  Last year, cybercriminals hacked the Equifax credit agency and got Social Security and Driver’s License numbers on over 143 million people.6

To protect yourself and your business, you should use unique passwords for every online account and also change these passwords frequently (at least once every three months).   By using a password manager like Lastpass or Dashlane, you can secure online accounts.7

To protect yourself further, you should consider putting a freeze on your credit with the three main credit bureaus (i.e., Equifax, Experian and TransUnion).  This will prevent any criminal from requesting credit using your stolen info.  If you need to request credit, like applying for a home loan, you can temporarily unfreeze your credit.8

Freezing you credit will not prevent your bank or other financial accounts from being hacked.  You will should monitor their activity separately.

References:

1 Experian.com “Is Your Information on the Dark Web?” Link to Site

2 Dailydot.com “A beginner’s guide to the dark web” Link to Site

3 Howtogeek.com “What is a “Dark Web Scan” and Should You Use One?”  Link to Site

4 Makeuseof.com “The Experian Dark Web Scan: Do You Need it and Can You Trust it?” Link to Site

5 Digitaltrends.com “How to know if you’ve been hacked” Link to Site

6 Fortune.com “Equifax Hackers Steal Personal Details of Up to 143 Million People” Link to Site

7 Malwarebytes.com “10 ways to protect against hackers” Link to Site

8 Consumer.ftc.gov “Credit Freeze FAQs” Link to Site

Credit Agencies:

Equifax:  Link to Website

Experian: Link to Website

TransUnion: Link to Website

Smartphone – Five Ways to Protect Your Device

Smartphone Hacking on the Rise

Smartphone

Do you know that there are about 230 million US smartphone users and over 2 billion worldwide?  Do you know that U.S. smartphone users spend about an hour and half each day on their phone?  For many of us, smartphones have become integral part of our daily lives.  Besides using them for email and making calls, we use them to do just about anything: banking, accessing social media and taking photos.  This means that smartphones can hold some really important personal and financial information.

Because the smartphone market is so large and these devices hold such valuable information, hackers have become increasingly focused on breaking into them.  Recently, there has been a large increase in smart phone hacking.  In the future, we expect the attacks to only get worse.

Recognizing these threats, we wrote an article about the five ways individuals can make their phones more secure and reduce the chances of being hacked.

Google Play StoreApplication Download and Installation

The first step you can take to better protect your smartphone is to be extremely careful about what you are downloading and installing.  The best rule of thumb is to only download apps from the Apple App store or the Google Play Store and not unofficial sites.

Apple does a great job of screening which apps become available through its App store.  You can be confident that the applications you install on your iPad or iPhone are free of malware and viruses.  The apps on the Google Play Store are more likely to have malware or viruses, but usually you can be confident when downloading from their store.  Google has a scanner which scans its Play Store for malicious apps.

Also, it is important to check the permissions a new app is requesting when you download it.  If a flashlight app is asking for permission to access your contacts, this should be a red flag.

 

Disable Bluetooth Bluetooth smartphone

When you can, we recommend that you disable bluetooth. Some hackers have used bluetooth to break into smartphones.  There are different bluetooth versions with varying levels of security.  The older versions have more security holes, while newer versions have become more secure.  In general, it is best to disable bluetooth when you don’t need it.

 

Find my iPhoneEnable Device Finder and Remote Wipe

If your smartphone is stolen, you want to be able to remotely track it and to delete it.  On the iPhone, you can enable “Find my iPhone” under the “iCloud” settings.  If your device disappears, you can put it in lost mode.  This locks your screen with a pass code.  You can display a custom message to help you get it back.  You can also delete everything on your iPhone, so your personal information cannot be accessed.  For Android devices, you can remotely locate, lock and wipe your phone by using the Android device manager and third party apps.

 

EncryptionEnable Encryption

While the iPhone comes with full-disk encryption automatically enabled, you will have to enable encryption on Android phones.  Basically, the encryption protects your data by requiring a password for someone to be able to access your information in a usable form.  Without that password, it would be extremely difficult to hack it.

To set up encryption on an Android, you would need to go into “Security” in the Android settings and select “Encryption.”  It may take an hour or two to encrypt the device.  Then, after this you will be asked to enter this password every time your Android device boots up.

 

smartphone Pass codeUse a Pass Code

Your phone should be set to immediately lock when not in use.  It is very important to set a pass code or biometric (finger print, face recognition, etc.) security to protect it.  If you are using a pass code, the longer the better.  If your code is six digits long, this will make it 100 times more secure than a usual four digit one.

There are locking settings you can change to increase your smartphone’s security.  For instance, immediate locking will ensure that it will be hard to access your important information.  Don’t set your phone to lock after one minute or so.  Also, you can set your phone to erase all data after a certain number of failed entry attempts.

Related References:

CNBC.com “Your Smart Phone could be hacked without your knowledge”: Link to Article

The New York Times “With Wikileaks Claims of C.I.A Hacking, How Vulnerable is Your Smartphone?”: Link to Article

Cnn.com “WikiLeaks CIA hacking claims: How worried should you be?”: Link to Article