ID Theft/Data Security

Consumers are in the Dark About Dark Web Monitoring Services

By Susan Grant, Director of Consumer Protection and Privacy, Consumer Federation of America

 |  Blog Post

A new survey we commissioned revealed that 36 percent of consumers who have seen ads for “dark web monitoring” incorrectly believe that identity theft services can remove their personal information from the dark web. An equal number (37%) mistakenly believe that these services can prevent people who buy their personal information on the dark web from using it.

Why are so many consumers making assumptions about how dark web monitoring protects them that simply aren’t true? It may be due in part to the fact that it’s hard to tell from the ads exactly what these services do. Also, because most of us don’t have direct experience with these services, we don’t know how they work. While dark web monitoring can be helpful for consumers whose personal information has been stolen, it’s important to understand that these services can’t put the genie back in the bottle.

The dark web is a small part of the internet that can only be reached with special browsers. Those browsers disguise the computers that are being used, providing a high level of privacy. That’s great for whistle-blowers, investigative journalists, people organizing against repressive governments, law enforcement agencies, and others who need to shield their identities and locations in order to communicate safely. Unfortunately, the dark web is also attractive to people who take advantage of its anonymity to sell stolen personal information and other illicit goods and services.

As we explain in our updated guide, Nine Things to Consider When Shopping for Identity Theft Services, identity theft services that monitor consumers’ personal information, including on the dark web, can alert them about possible fraudulent use of their data. These services also provide advice about what to do to avoid or limit the damage that could be caused and remedy any problems that have occurred. We also describe how you can monitor many of your accounts yourself for free.

If you believe that your personal information has been stolen, you don’t need dark web monitoring to know that it could end up for sale there. The steps you should take, outlined in our new tips, Dark Web Monitoring: What You Should Know, apply to any situation in which these types of personal information are in danger of fraudulent use:

  • Financial and other account numbers. Notify the places where you have those accounts. You may need new account numbers and to make other changes to stop those accounts from being misused from that point on. If fraud has already occurred, ask what you need to do to clear up the problems. You have the right to challenge credit card charges and debits you did not make.
  • Passwords. Change them. And if you’ve used the same passwords for multiple accounts (a common but dangerous practice, since crooks often try them in several different places to see if they work), be sure to change them everywhere.
  • Driver’s license and passport. Contact the agencies that issued them.
  • Email address and phone number. It’s probably not worth the hassle to change them, but be on guard for your email address being used to send spam or your phone number being “spoofed” to make calls look like they’re coming from you. Contact your service provider if that happens.
  • Social Security number. This is the most dangerous type of personal information in the hands of identity thieves because it can open the gate to serious fraud, from obtaining credit in your name to impersonating you to get medical services, government benefits, your tax refunds, employment – even using your identity in bankruptcy and other legal matters. It’s hard to change your Social Security number and it’s not a good idea because it is connected to your life in so many ways. There are a number of things you can do, including alerting the Social Security Administration, Internal Revenue Service and by placing fraud alerts or a security freeze on your credit files.

Additionally, if information about you resulting from identity theft shows up in your credit reports, public records or companies’ databases, you can correct or remove it. What no one can do, however, is grab stolen information out of the hands of identity thieves. That’s one reason why data breaches are so worrisome for those affected.

Fortunately, there is plenty of free help available for identity theft victims, including the Federal Trade Commission’s www.identitytheft.gov, which provides step-by-step recovery plans tailored to their particular situations, and the nonprofit Identity Theft Resource Center, which offers free one-on-one counseling online at www.idtheftcenter.org or by phone, 888-400-5530. Our own www.IDTheftInfo.org website has information about free security freezes and other ways to protect yourself and deal with identity theft problems.

In short, there are many resources to help people with identity theft issues, from fee-based to no-cost. To make informed decisions about identity theft services, consumers need to be provided with clear, complete information about what they do. In our Best Practices for Identity Theft Services, which we developed several years ago with identity theft service providers and consumer advocates, we encourage companies to describe the benefits and limitations of their services and to be careful not to overstate or misrepresent, directly or by implication, how they help consumers. In light of our survey results, it seems that the companies that offer dark web monitoring could do a better job of explaining what it can and can’t do to help consumers.