Your data has already been compromised. The good news is that all is not lost and you can take steps to protect yourself.
Perhaps you think it’ll never happen to you, but here’s a hard truth: your personal information has been compromised and is probably already for sale on the Dark Web.
The bad news is, there’s not much you can do about it. The good news is, you can protect yourself against future and further breaches.
Before we get into that, here’s some context: The threat of cybercrime in South Africa has never been more severe. SA has the third-highest number of cybercrime victims worldwide – and the country loses about R2.2 billion a year to cyber-attacks.
Breaches affecting major companies – including Liberty, Ster-Kinekor, Master Deeds, ViewFines and Facebook – have exposed the information of millions of South Africans.
Don’t think you’ve been affected? Think again.
Your personal data is broadly available online. On how many webpages have you entered your e-mail address, phone number, and birthday – to sign up for new services, open accounts or download a free e-book? And on how many of these sites have you used the same or similar passwords?
The reality is that any information that is connected to the internet is vulnerable to theft. And it doesn’t take much for a hacker to compromise your data, to sell it on the Dark Web or use it in social engineering attacks.
Wait! The Dark what?
The mainstream internet that you access every day represents 3% to 4% of the actual internet.
Underneath this sanitised “public” layer is a massive marketplace for stolen data, personal information, trade secrets, intellectual property, explicit content and malware. Welcome to the Dark Web: a hidden network of websites that is inaccessible to normal web browsers and represents about 93% of online content.
It’s not all bad. Intranets, online databases and member-only sites also live on the Dark Web. But it’s mostly bad: a haven for illicit activity and a playground for cybercriminals. You need special resources to access it and those that do almost always mask their identities.
Anonymity is the Dark Web’s most appealing factor and if you’ve ever been a victim of a data breach (and you have), this is where your information lives. Plus, it has probably changed hands a few times.
You’re just a number
Cybercriminals target specific data types and, no, it is not your credit card details.
Why? Because credit card transactions are closely monitored by advanced banking systems, anti-fraud teams and high levels of monitoring expertise. It is quick and efficient for banks to identify and limit transactions that are not verified by two-factor authentication.
That is not to say cybercriminals don’t want this information. They do, but they’re not willing to pay big bucks for it. The going rate for a credit card and CVV number on the Dark Web is around $5. Your ID number is worth just $1.
So, what are they willing to pay good money for? Your phone number, e-mail address and username.
These have nowhere near the same level of sophisticated monitoring and intervention as credit cards. And, while it is easy to replace a compromised credit card, it’s a hassle to get a new phone number or e-mail address.
Hackers know this, which is why the exploitation of legitimate e-mail addresses and cellphone numbers can go undetected for months or years. It is also why the information, in general, is more valuable than a single transaction on a credit card.
Once they have your info, hackers sell it to businesses for marketing purposes or use it for more nefarious activities, like fraud.
How to stay safe(r)
Assuming your information has been stolen, how can you protect yourself online? Knowledge and experience. The more you know, the safer you’ll be. Here are some top tips:
Passwords. You already know this. Choose strong ones and change them regularly.
Clicks. Phishing and social engineering attacks are still the most common hacking methods. Don’t click on links in e-mails. Don’t open attachments from people you don’t know. And, if you get an e-mail from someone you do know but it seems “off”, pick up the phone and ask. They might have fallen victim to an impersonation attack.
Accounts. Monitor your bank account carefully. Flag unusual transactions immediately and block any compromised cards.
Silence. Be secretive. Don’t dish out your info to callers or respond to unsolicited e-mails.
Scepticism. Don’t be tricked into a Dark Web scan. Service providers – some scrupulous, others legitimate – claim to be able to scan the Dark Web for your information. But it is simply not possible to scan the entire Dark Web in 10 minutes. At best, these scans give you a false sense of security by scanning publicly available database lists, but these only account for a fraction of the Dark Web. Just because your info is not on these lists does not mean it is not stored elsewhere. (At worst, a scammer could pose as a service provider and actually add your info to the Dark Web.)
There is no way to guarantee your safety online but you can prevent yourself from becoming a soft target. Learn about the risks, educate yourself and be less trusting. DM
Brian Timperley is the CEO of Turrito Networks, a Gauteng-based telecommunications and technology provider.
Comments – share your knowledge and experience
Please note you must be a Maverick Insider to comment. Sign up here or if you are already an Insider.