What is the dark web?
The deep web, also referred to as the dark web, is the hidden part of the internet that you can’t find using Google or Yahoo. The term “deep web” refers to a collection of websites which exist on an encrypted network that promotes anonymity. Experts estimate that the “surface web,” the internet that is accessed through Chrome or Internet Explorer, only accounts for 10-15% of the whole internet. The majority of the deep web is harmless. It is full of things like medical records, private directories and websites under various stages of construction. The portion of the deep web that hosts illicit content is what is commonly referred to as the dark web.
To access this part of the internet you need specific software, like the Tor (The Onion Router) browser. This browser routes traffic between a series of proxy servers around the world, making you and your IP address practically untraceable. The dark web provides anonymous access to purchase things like drugs, weapons, hacking tools and stolen PII.
Our focus is the stolen PII, specifically your email credentials. Every day, stolen email credentials are bought and sold on the dark web at a serious discount. In most cases, email credentials sell for $1 or less. This could lead to a major security breach of your business. Or, the attacker could start a new phishing campaign with your credentials and target all of your contacts. They could even access your other accounts, like Gmail or LinkedIn, if you reuse passwords. The scariest part is that your PII could already be on the dark web and you wouldn’t be the wiser until it is too late.
How did my credentials end up on the dark web?
There are many ways for your passwords to show up for sale on the dark web, but typically it is for one of two reasons.
Major companies all over the world get hacked; you see it in the news all the time. Target, Yahoo, Marriott and Equifax have all had data breaches in the last 5 years. Part of the data that was stolen includes customers’ email addresses and passwords. These credentials are then uploaded and sold on the dark web, typically in bulk.
The main goal of a phishing campaign is to steal credentials. Once the phisher has a confirmed working set of credentials, it is placed for sale on the dark web or used to continue the campaign and steal more credentials.