Dark Web Monitoring Part 2
The Dark Web and You
In Part 1, we defined the three levels of the internet; the Surface Web, the Deep Web, and the Dark Web. We learned that criminals use this anonymous region called the Dark Web for buying and selling stolen identity information, among other things. But what does this have to do with you?
Let’s follow the story of Regina to see how all this works in the real world.
A Trip to the Mailbox
One morning, Regina took a walk to her mailbox and was surprised to find an envelope from a bank she did not recognize. Thinking it must be an advertisement, she started to discard it, but something made her think twice. She opened the envelope. A letter from a collection agency asked for payment of a $5,210.00 balance for a credit card account she did not own. Regina’s first thought was that it must have been a mailing error, and this letter must belong to someone else. She looked again and saw that the card account was in her name. Regina called the issuing bank and was told that the credit card was opened 18 months earlier using her name and Social Security number, but a different address and telephone number. The card was used for transactions, and the balance was paid on time each month for a year. After the bank granted a requested increase in the credit limit, the transactions got bigger and more frequent, but payments stopped coming. Only after the account went into the collections process was it traced back to Regina’s postal address through her Social Security number. This was a case of identity theft.
The timeline of this fraud is more than two years. Let’s see what might have been going on behind the scenes, although there is no way to know for sure.
We know that the criminals applied for a new credit card using Regina’s identity information, which means they had Regina’s name, address, Social Security number, and probably her driver’s license number. Regina could have been a part of one of many large data breaches in the past where names, addresses, Social Security numbers, and driver’s license information were lost or stolen. [2015-Anthem Health, 37.5 million, 2018- Equifax, 147.9 million, 2019-First American Financial, 885 million] But we want to propose another possible scenario that could have led to the theft of Regina’s identity.
What Might Have Happened:
Although she was not aware of it, in April of 2019, Regina was part of a data breach incident for an online invitation website that exposed her name, address, date of birth, email address, and password, along with the rest of its members. How harmless could this be? There were no account numbers, or other personal information included. Let’s take a look: Regina’s email address was her username on the breached website account, and she used the same password as the password used for the email account itself. [65% of people reuse the same email on multiple accounts, according to a 2019 Google/Harris poll]. Last January, Regina sent tax return information to her accountant using her email account. In March, Regina sent a picture of her driver’s license by email to a utility company to set up a new service, a workaround process due to COVID-19 restrictions.
Behind the Scenes:
Criminals were able to purchase Regina’s email account information along with her password used on the online invitation website by using one of the hundreds of black-market storefronts on the Dark Web. With the knowledge that most people reuse their passwords, the criminals could log in to Regina’s email account and access all her archived emails, including attachments. Now they had her tax documents, which included her Social Security number and other personal information, and the picture of her driver’s license. This is all they needed to establish a credit card account. They carefully “groomed” the account for months, making purchases, and timely payments. Then they asked for an increased credit limit. Once the increase was obtained, the criminals went on a spending spree, resulting in over $5,000 in unpaid charges. In addition to opening this credit card account, the criminals could have established bank accounts, applied for government benefits, and even hijacked Regina’s 401(k) account.
The Solution:
Fortunately, Regina banks with Truity Credit Union. Regina has access to a professional Identity Theft Recovery Advocate to help her get her life and identity back on track. The Identity Theft Recovery Advocate can perform research to uncover other areas where fraud may have affected Regina’s accounts. The Advocate will perform all the legwork it takes to dispute fraudulent transactions and other activity caused by identity theft, helping Regina reverse the damage.
Also, Regina has taken advantage of Dark Web Monitoring and Credit Monitoring offered at no cost as part of the account features of her Preferred Checking account. In the scenario described above, Regina would have been notified when her email address and password were found to be included in the data breach, possibly giving her time to change her email account password. This could have prevented the identity theft incident from occurring. If Regina had been using credit monitoring, she likely would have received an alert of a new account opened using her name and Social Security number, even though the address was different. These alerts would have given Regina the support of an Identity Theft Advocate sooner, and the fraudulent account could have been closed before it caused most of the damage.
The Lesson:
Now that she better understands the risk of becoming a victim of identity theft, Regina will be more careful to NOT reuse passwords, change her passwords often, and never send personal information, such as Social Security numbers, account numbers, dates of birth, copies of government-issued IDs, and health information by email that is not encrypted. Regina will also think carefully before setting up accounts online to limit her exposure to the breach of her passwords and personal information. Regina plans to check her bank statements and her mailbox regularly to spot suspicious transactions.
And she will be watching for alerts from her Dark Web and Credit Monitoring services provided by Truity Credit Union so she can act quickly.
Be like Regina; use the services that Truity Credit Union provides as part of your Preferred Checking account and take a stand against identity thieves.