The people's voice of reason
Data breaches are so commonplace that there's a good chance some of your personal information has already found its way onto the dark web. This might include your:
Criminals can use this information in a variety of ways, such as impersonating you, creating a fake identity, opening credit accounts in your name or getting a medical procedure using your insurance.
You can check whether your information is out there, and which information, with a free dark web scan. And while there might not be a simple way to get your information removed from the dark web, you can take measures to protect your accounts and identity. Experian outlines what to do if your information is found on the dark web.
One of the first things you can do is change any potentially compromised passwords to help keep people from taking over your accounts. If you use the same password—or similar password variations—for multiple accounts, you may want to change the other accounts' passwords as well.
Create a new strong password that meets the following criteria:
Consider using a password manager to create and store complex passwords. You then only need to remember one complex password to access your password manager. Many of these apps can also automatically fill in your passwords after you log in.
Additionally, you might be able to use a password manager to create a passkey for your accounts. These are an alternative to passwords that may be more secure.
Multifactor authentication (MFA) requires you to use two or more forms of authentication to access your account. Your username and password are usually the first form, and the second might require you to:
Using MFA can help keep others out of your account even if your username and password are leaked on the dark web—or elsewhere.
You can sometimes opt in and out of MFA in your account settings. If you have the option to turn it on, you also might be able to choose your additional form of authentication. In general, text message and email MFA are the least secure options, but they're still better than nothing.
SIM swapping is when someone temporarily takes over your phone line using the same SIM swapping procedure that you'd use to activate a new phone. Criminals do this by tricking or paying off mobile phone carriers' employees. Alternatively, they might port your number to a phone they control at a different carrier.
Once they take control of your number, they can have your text message MFA codes sent to a phone they control. The potential for porting and SIM swapping is why SMS-based MFA can be less secure than other options.
However, mobile phone carriers now offer extra security measures that can help protect you from SIM swapping attacks. Look online or contact your carrier to find out what you need to do to enable them.
Keep an eye on your bank, investment, crypto and credit card accounts for any unusual activity.
You generally aren't liable for unauthorized credit or debit purchases, but you may need to act quickly and call the financial institution to dispute the transactions. If you notice a new account was opened in your name, the company can also help you close the account.
In some situations, your liability could depend on how long you take to report the fraud. You could be liable for up to $50 if you take up to two business days, or up to $500 if you wait longer. If more than 60 days go by, you could be responsible for the full amount of new unauthorized transactions.
You may also want to monitor other accounts that criminals could break into and monetize; for example, ecommerce accounts where you store credit or payment information, or even loyalty travel programs that criminals take over to book hotels and flights.
Your rights and protections can depend on how the fraudsters get into your accounts and what they steal. Some organizations might reimburse you, but you won't always have legal recourse if they don't.
Reporting unauthorized transactions and other types of fraud to financial institutions and other affected organizations is important. Additionally, you can report the theft or fraud to:
Identity theft protection services: If you have an identity theft protection service, you may have access to identity theft resolution professionals who can help you contact organizations, get your documents in order and manage the restoration process. You may also have identity theft insurance, which can help cover costs related to resolving all these issues.
You also have the right to add a security freeze to your credit reports from Experian, TransUnion and Equifax. This is also called freezing your credit, and it can be a simple and free way to keep someone from opening new credit accounts in your name.
You have to freeze your reports separately at each credit bureau, which you can do online, over the phone or by mail.
Freezing your credit reports limits access to your reports and keeps creditors from checking your credit in response to a new application. As a result, creditors may deny applications in your name while a freeze is in place.
However, your report can still be accessed for other reasons, such as if your current creditor wants to review your report or if you want to check your own credit. You'll also want to remember to unfreeze or temporarily "thaw" your reports when you legitimately apply for a new credit card or loan.
You also have the right to add a fraud alert to your credit reports. When there's a fraud alert on your report, creditors can see that you might be the victim of identity theft and are instructed to verify your identity or contact you before extending credit in your name.
Unlike with credit freezes, you only need to contact one bureau to add a fraud alert—it will forward your request to the other two bureaus. You can start the process online at Experian's Fraud Alert Center, and have the option to request one of three types of alerts, depending on eligibility: initial, extended and active-duty alerts.
Having safety measures in place can help protect you from identity theft or fraud regardless of how someone gets your information. But you may also want to be extra careful of scammers and fraudsters.
Unlike when someone uses your information to trick a company, if a scammer tricks you into sending them money, you might not be able to get it back. And scammers who gather information about you from the dark web and elsewhere might be able to trick you more easily.
For example, they might be able to figure out who your family members are and where you have accounts. They can use this information when they pretend to be an employee at a company or government agency.
One rule of thumb: Never share personal information or security codes with someone who contacts you out of the blue, even if it looks like they're calling, texting, emailing or messaging from a legitimate company. It's best to ignore these messages, look up the organization's information and then initiate the conversation.
You can use several tools to find out if your information is on the dark web, was compromised in a data breach or is easily accessible on the open internet. Two free options are Experian's dark web scan, which can look for your email address, phone number and Social Security number, and Experian's personal privacy scan, which searches for your information on people finder sites.
This story was produced by Experian and reviewed and distributed by Stacker.