On Super Bowl Sunday, Experian will afflict you with more commercials for its “dark web” scan. I have received a number of emails from clients and colleagues asking whether it’s worth it.
My answer is: probably not. Reason: if Experian finds your name or identifying information on some nefarious website in the “dark web,” Experian’s advice to you will be to change your passwords, use stronger passwords and put security alerts or a credit freeze on your credit bureau accounts. However, you can do all of that without paying Experian for a “dark web” scan.
First things first: what is the “dark web”? I do not hold myself out as an expert, but I have done some research on this. The “dark web” is a subset of the “deep web”. The “deep web” consists of websites that will not respond to searches from traditional search engines, like Google, Bing or Yahoo. If you search, for instance, “Super Bowl” on any of the traditional search engines, you would get websites from what is traditionally thought of as “the clear web”. You would not get any hits for websites in the “deep web”.
The “deep web” consists mostly of legitimate websites, such as legal members-only websites or proprietary company websites, such as in internal website used by a large corporation. In general, these websites tend to be more private in nature. By some estimates, the “deep web” consists of over 90% of the overall internet.
The “dark web” is that portion of the “deep web” in which illegal activity occurs, such as drug or illegal currency trafficking, child pornography or hiring hit men (no joke). There are websites on the “dark web” which traffic in stolen identities.
To access a “dark web” website, you normally would need a dark web browser (TOR is probably the most well-known one) and you would only browse using a VPN—virtual private network, which essentially disguises your identity, your computer credentials and your location while you are browsing. Really, anyone can do this—it’s not difficult to get onto the “dark web”. However, be forewarned: law enforcement agencies around the world have lots of tricky ways of monitoring people browsing the “dark web,” even if you take steps to do it anonymously. So fooling around on the “dark web” is not recommended—one false step and you can easily put yourself in the crosshairs of a law enforcement agency.
Now, back to the topic at hand: the Experian “dark web” scan.
First, understand that the “dark web” is only one avenue of selling a stolen identity, and probably not a very significant one. If someone steals your identity, chances are they already have a willing buyer somewhere and there would be no need to post it for sale on the “dark web”.
Second, while I have no doubt that Experian knows about several locations for stolen identities on the “dark web,” I strongly doubt it knows about all of them. More than any other area of illegal activity, the internet is a place where the criminals are ALWAYS one or more steps ahead of the people trying to catch them. So, while Experian can conduct a “dark web” scan, I strongly doubt that it would be a complete or comprehensive scan. What percentage of the “dark web” can Experian access? I don’t know, but it’s probably not a whole lot more than any private investigator with good computer knowledge can access. And, I strongly doubt Experian’s “dark web” access is equal to the access which has been achieved by various law enforcement agencies.
Finally, as I mention above: if Experian finds your name or identifying information on the “dark web,” Experian will tell you to change your passwords, use stronger passwords and possibly put a credit freeze or security alerts on your credit profiles with the three major bureaus. You can do that without paying Experian for the “dark web” scan.
But hey, if you want to hire Experian to do a “dark web” scan, I would be very interested in hearing the results.
I hope this short article has been useful to you. Thanks for reading.
Bob Brennan