Spikes in Dark Web Activity Present New Data Breach Threats to Businesses

An Employee’s Personal Information on the Dark Web Can Lead to Phishing Scams: 4 Tips for Employers

What comes to mind when you think of the dark web? The dark web conjures up images of a mysterious and deceptive marketplace, with villains lurking and hawking strange things, including illegally-obtained sensitive personal data and information. Indeed, the dark web is known for hidden information, including personal information procured in illegal ways. Thieves scam and sell information all the time; it’s called harvesting and reselling. It is a very real and constant threat that can lead to damaging data breaches.

Businesses need to be aware of the dangers and how their employees’ personal information found on the dark web — combined with information that is shared on social media and on data broker sites — can easily become the fodder to make more convincing, reverse-engineered phishing attacks. These phishing attacks can lead to security and data breaches that can cause significant damage to organizations and individuals. Employees may have their guards down and mistakenly click on a bad link can launch malware, exposing their information or their company’s information.

Phishing and ransomware are the two top root causes of data compromise, according to a recent report from the ITRC, which found that 92% of data breaches in the first quarter of this year were the result of cyberattacks. In fact, Q1 2022 boasted the highest number of data compromises in the past three years, even after a record-breaking year in 2021. Read more about what’s at stake.

In recent months, information on the dark web has spiked with passports, IDs, credit cards, and false identification documents — and so, too, have the costs. According to the latest 2022 Identity Breach Report, “worldwide inflation coinciding with the COVID-19 pandemic corresponds with upward price shifts in dark markets for several types of records and data.” The report cites a 178% price increase for IDs, a 131% price increase for passports, and a 105% price increase for credit cards, compared to the previous year. The report contends that this price jump is likely caused by the need for travel and public health documentation required as a result of the pandemic.

The Economy of Exposed Data

Organizations’ concerns over the dark web are warranted, especially with the latest breach report findings. Imagine the damage databases containing stolen massive volumes of personal data can cause. It is the economy of exposed data: stolen data sold for profit, and the report contends that “the circulation of this sensitive data increases individual and corporate risk, as more cybercriminals can use this information maliciously to execute targeted attacks.”

The numbers speak volumes. According to the report, the average price of databases sold in black markets was $61.78, while the average cost of databases sold in deep and dark web forums was $27,769. Why the significant price spike? Dark web forums have higher traffic and don’t rely on intermediaries.

What Tops Employer Security Concerns?

BenefitsPRO, ALM, and IDX conducted a survey of HR professionals and benefits decision makers (link) to measure their awareness and concern levels regarding data privacy and security risks to employees and companies, including gauging changes in employer’s data privacy and security concerns. The findings help to shed light on current concerns. The survey found that one in four employers is very concerned about employees’ personal information being for sale on the dark web and other online sites.

When asked about the top data privacy and security concerns, respondents ranked phishing scams, protecting employees from fraud, and poor password management as the top three concerns.

4 Smart Tips to Protect Your Employees and Your Company

Here are four smart tips to protect your employees and your company from dark web threats:

1. Offer identity and privacy protection services as a paid or voluntary benefit, optimized for complete protection. Seek solutions that include digital privacy features that can help mitigate the risk of data breaches.
2. Keep an eye on your digital footprint with dark web monitoring. IDX’s CyberScan continually monitors more than 14 billion data points across the entire web, including the deep and dark web, and alerts you if any of your information is found.
3. Employee education about phishing scams. Keep your employees on the lookout for strange links and emails.
4. Consider ForgetMe to stop data brokers from gathering personal information that could be used for targeted scams or phishing campaigns.

While the dark web continues to be a looming black hole for stolen data, it doesn’t have to overshadow your organization. By amping up your data privacy strategies through increased awareness, preventive steps, and the right tools, you can better protect your employees and their personal information — and your organization — to mitigate successful phishing attempts and data breach risks.