NJ residents: Do this to keep personal info off the dark web
Do bad guys have your personal information posted for sale on the dark web?
New Jersey cyber security experts are expressing concern about an uptick in dark web activity that could pose a serious threat to Garden State residents and companies.
Mike Geraghty, the director of the New Jersey Cybersecurity and Communications Integration Cell, said anonymous users on the dark web are engaged in a variety of illicit activities including selling illegal guns, drugs, child porn, pirated media and personal information such as Social Security and credit card numbers and passwords.
Geraghty, who is also the state’s chief information security officer, said sometimes usernames and passwords stolen from a breach will simply be posted on the dark web “but then some of the information is also sold through these dark web marketplaces so that bad actors can buy access into this certain company.”
A world of problems
He explained once the bad guys get a hold of your username and password, they can very simply gain entry to a variety of accounts that can contain things like Social Security and credit card numbers and bank accounts.
“It’s a lot easier to log into a person’s account if you know that person’s username and password, that it is to hack into their computer,” he pointed out.
Geraghty said sometimes scammers will wind up getting literally millions of usernames and passwords and they don’t know who they belong to, but that’s not a problem.
“Then they can do what are called credential stuffing attacks, taking those and just randomly trying them against all sorts of online services.”
He said many people have multiple online accounts with the same password and if the bad actors get a “hit” for instance on an Amazon or Target account where a credit card number is stored, they will go in and immediately change the shipping address.
“Then what they can do because it’s one-click checkout, they may come back later and now make a purchase,” he said.
Thieves will also log into email accounts to look for different types of sensitive information.
“There may be keys to cryptocurrency accounts, there may be images or photos that we don’t want to be seen publically,” he said.
How to avoid having your information show up on the dark web
He said to protect yourself always use multi-factor authentication whenever possible.
Create long, complex passwords.
Laurie Doran, the director of the New Jersey Office of Homeland Security and Preparedness said changing passwords to make them longer and more complex is a fairly easy step that can stop identity and information theft.
“People think it’s never going to happen to them, and unfortunately more often than not it does happen,” she said.
Geraghty noted an increasing number of banks and other entities require a second factor of authentication, including fingerprints and facial recognition, which can limit fraudulent activity.
“As the good guys keep putting in some of these controls and prevention attempts, the bad guys are trying to figure out ways to bypass them,” he said.