Equifax delves into the dark web – and offers tips for consumers to protect personal data

“Don’t be complacent about PINs and Passwords”

The recent cyber hack, hitting thousands of organisations worldwide, has brought the reliance on the internet and technology into sharp focus. Whilst the events were more about hackers holding large organisations to ransom, many individuals could be concerned about whether their personal data might be at risk as a result of the hack.

Credit information provider, Equifax, believes it’s important for consumers to understand the different layers of the web – the surface web, the deep web and the dark web – and how their personal information might be found and traded. “The better consumers understand how the internet and various new technologies work, the better armed they will be against the threat of fraud”, explained Lisa Hardstaff, identity fraud expert at Equifax. “There’s no room for complacency in this connected world.”

For that reason, Equifax recently produced a helpful infographic which illustrates the scale of the dark web - Understanding the Dark Web.

The surface web is any content that can be catalogued by search engines. This includes the types of websites we all use every day, which search engines like Google ‘index’ by following hyperlinks and tracking keywords.

Content in the deep web is not necessarily completely hidden or anonymous, but it cannot be indexed in the same way as the surface web. This includes content that is behind firewalls, and other types of protection, or things like a website’s internal search results.

The dark web is a section of the deep web that is deliberately hidden and cannot be accessed with regular web browsers. It was developed by the US government to allow intelligence to be shared around the world without fear of interception, by encrypting a user’s location and the information they send or receive. Inevitably a community of users grew that exploited this security for illicit means – giving rise to ‘the dark web.’

Research from Intelliagg* released in 2016 showed that the dark web is made up of around 30,000 websites, but 48% of the content could be deemed illegal. 40% of this illegal activity was categorised as ‘leaked data’ or ‘financial fraud’ – suggesting that the dark web is an important tool for criminals looking to compromise or abuse personal financial details, such as credit card numbers or bank log-in details.

Criminals on the dark web often sell packages containing people’s personal data, such as credit card numbers, including the CVV2 code and their name. Thieves steal financial details in a number of ways, including ‘phishing’ and malware, usually via emails or visiting unsafe websites, skimming card details or company data leaks.

At the heart of keeping personal data safe is the keys that unlock the information – passwords and PINs. Equifax is, therefore, offering tips to consumers who might be worried that their identity could be at risk. “Online research** of over 2,000 people in 2016 found that more than a quarter (27%) change their online passwords less than once a year and 23% never change their passwords without being prompted” added Lisa Hardstaff. “The fact that people now have so many passwords to remember could be a reason why they don’t regularly update their passwords. But anyone concerned about the security of their financial information should think about changing their passwords and PINs.

“Choosing safe passwords has become a fixture in modern security, and as security becomes more complex so do the methods criminals will use to get past it. Criminals on the dark web often sell packages containing people’s personal data, such as credit card numbers, including the CVV2 code and their name. So understanding what makes a password strong can help keep information safe.

“In addition to ensuring you have a strong password to reduce the risk of falling victim to identity fraud and other cybercrimes, it is also worth considering subscribing to a service like Equifax Identity Watch Pro which will alert you if your credit / debit card or personal information is found on websites used by fraudsters”.

Equifax Password Tips

Equifax has also come up with a few ways to create a secure online password.

Choosing a Password

Keeping these points in mind can help create a strong password:

  • A longer password will reduce the chances of someone guessing it or an attacker from cracking it. Websites can have different minimum length requirements for a password but aiming for between 8 and 32 characters is a good starting point
  • Hackers may try to guess your passwords using clues from your identity. Avoiding passwords with your real name, username, children’s or pet’s names or any phrases related to you - like your address, birthday, school names, or company - will help make your password more secure
  • Choosing different passwords for each website where you have entered details can prevent someone from using one password to access multiple accounts
  • Substituting numbers or symbols for letters, such as changing ‘turtledove’ to ‘turt13d0v3’, is a method well-known to hackers, and it may not be enough to prevent them from guessing your password - try some of the following best practices:
    • Avoid using words that can be found in a dictionary. Use a mix of upper and lower case letters, numbers, and symbols in an unpredictable order, e.g. Jan3#564@TRa1n
    • Avoid company names or mimicking the username
    • Avoid using more than two repeating characters, e.g. Jannnuary Yeeeear

Keeping It Protected

There are a few ways to try to keep a password secure:

  • Never share a password and PINs with anyone, even family
  • Avoid keeping your passwords written down and never store them on your web browser as this can be visible to hackers looking to steal your personal information
  • Using multi-factor authentication can add another level of security to your accounts as it asks for further verification of your identity before allowing access. The extra verification may include:
    • A piece of information only you know, such as a password or secret question and answer
    • A trusted device only you can access, like a mobile phone, where you’ll be told how to sign in
    • Something is difficult to fake, such as a fingerprint or retina scan
  • Downloading and installing anti-virus and online security software can help protect your computer from outside attacks, such as malware and viruses that could try to steal information from your computer
  • When creating your password reset questions and answers, keep in mind how easy it might be to guess the answer – is the information readily available or easy to research? If so, it may be safer to choose a more difficult question.

Password Managers

Password managers can help keep your passwords safe and secure without the need to remember them. You can enter the passwords you use for different websites into the software, which remembers the passwords when you sign in – you’ll normally only have to remember one master password for the password manager. Different password managers work in different ways and can offer a variety of services:

  • Some act as plugins or extensions for your browser. They can save entered passwords and re-enter them when you visit the site again
  • They can also save and enter other information on the websites, such as your name, address, or phone number
  • Many password managers can detect when you change a password, and may either ask if they should update their database, or do it automatically
  • Password managers can also come with a built-in password generator. This creates and stores a secure password, so you won’t have to remember a complicated series of numbers and letters
  • Some may be able to synchronise with accounts on other devices, such as your PC or Mac, phone, or tablet, and manage application passwords as well as web pages.

Like any digital software, password managers can also be a target for fraudsters, so it’s important to look for well-known applications with established reputations – services that you pay for can usually be more secure than free applications. It’s important to research any product before downloading. It is also essential that the master password for the manager is a very secure one.

Equifax Identity Watch Pro includes WebDetect, which alerts individuals if their financial details are shared on websites used by fraudsters. Subscribers also get alerts within 24 hours of significant changes to their credit report, allowing them to act quickly to cancel cards and accounts before any serious damage is done. And with unlimited access to their latest credit report online, consumers can stay one step ahead of the criminals. The service costs £9.95 per month.

* https://www.intelliagg.com/index.php/publications/
**YouGov survey, total sample size 2060 adults. Fieldwork was undertaken between 6th - 7th June 2016. The survey was conducted online.


For further press information, please contact: Clare Watson, Cecile Stearn, Parm Heer or Wendy Harrison at HSL on 020 8977 9132 / Fax: 020 8977 5200 or Email: equifaxbtocteam@harrisonsadler.com

About Equifax

Equifax, Inc. ("Equifax") powers the financial future of individuals and organizations around the world. Using the combined strength of unique trusted data, technology and innovative analytics, Equifax has grown from a consumer credit company into a leading provider of insights and knowledge that helps its customers make informed decisions. The company organizes, assimilates and analyses data on more than 800 million consumers and more than 88 million businesses worldwide, and its databases include employee data contributed from more than 5,000 employers.

Headquartered in Atlanta, Ga., Equifax operates or has investments in 24 countries in North America, Central and South America, Europe and the Asia Pacific region. It is a member of Standard & Poor's (S&P) 500® Index, and its common stock is traded on the New York Stock Exchange (NYSE) under the symbol EFX. Equifax employs approximately 9,200 employees worldwide.

Some noteworthy achievements for the company include: Ranked 13 on the American Banker FinTech Forward list (2015); named a Top Technology Provider on the FinTech 100 list (2004-2015); named an InformationWeek Elite 100 Winner (2014-2015); named a Top Workplace by Atlanta Journal Constitution (2013-2015); named one of Fortune’s World’s Most Admired Companies (2011-2015); named one of Forbes’ World’s 100 Most Innovative Companies (2015). For more information, visit www.equifax.com

Equifax Limited is one of the Equifax group companies based in the UK.

Equifax Limited is authorised and regulated by the Financial Conduct Authority.