SlideShare a Scribd company logo

ClearScore Darkpaper reveals dangers of dark web and online fraud

J
Jayna Mistry

1. The document discusses fraud on the dark web and its impact on UK residents. It finds that 33% of UK residents have been victims of online fraud, with losses commonly between £101-£500. 2. Many underestimate how frequently data breaches occur, with only 25% thinking their data could be for sale on the dark web. However, the average ClearScore user found passwords from seven online accounts had been leaked. 3. Identity theft and fraud are among the UK population's biggest financial concerns highlighted in the report.

Technology
1 of 33
Download to read offline
The ClearScore Darkpaper THE DANGER OF THE DARK WEB 2020 Shining a light on the data being sold on the dark web and how we can protect ourselves.
Key Findings SHORT ON TIME? HERE ARE THE KEY OUTTAKES MOST UK RESIDENTS HAVE A DECENT UNDERSTANDING OF THE DARK WEB. 2 People in the UK think the #DarkWeb is used for illegal pornography (46%), drug dealing (46%) and buying/selling people’s #data (44%). Get @ClearScore Protect to see if your #passwords have been stolen. TweetGIF A quarter of UK residents think some of their data could be for sale on the #DarkWeb, although over 55s are most likely not to know (53%). Find out if your #passwords have been stolen with @ClearScore Protect. TweetGIF If people found out their #data was for sale on the #DarkWeb they’d either change all their #passwords (43%) or call the police (33%). Check out if your passwords have been stolen with @ClearScore Protect. TweetGIF Half of people (52%) think the #DarkWeb is run by cybercriminals, although a quarter don’t know who is behind it. Read @Clear- Score’s Dark Web #Fraud Darkpaper for the truth. TweetGIF
PASSWORD HABITS NEED SIGNIFICANT IMPROVEMENT. 3 People in the UK are most likely to only rotate two to three #passwords for their online accounts - although nearly a third (29%) have five to ten passwords. Improve your password hygiene with @ClearScore Protect. TweetGIF A third (32%) of #GenZ (18 to 24 year olds) have used ‘password’ or ‘123’ in a #password - this jumps down to 17% for the whole pop- ulation. Learn how to make a super secure password with @ClearScore’s #DarkWeb #Fraud Darkpaper. TweetGIF 41% of people include a birthday in their #password, 34% a child’s name and 27% a pet’s name. Change your stolen passwords to something more secure with @Clear- Score Protect. TweetGIF
ONLINE FRAUD REMAINS A HUGE PROBLEM IN THE UK. 4 A third (33%) of people in the UK have been victims of #OnlineFraud. Find out more in @ClearScore’s #DarkWeb #Fraud Darkpaper. TweetGIF Around half of #Millennials aged 25 to 34 (48%) and 42% of people who live in London have been victims of #OnlineFraud. Learn more about #DarkWeb #Fraud with @ClearScore’s new Darkpaper. TweetGIF Banking details were compromised in 58% of #OnlineFraud cases in the UK. Find out more in @ClearScore’s Dark Web #Fraud Darkpaper. TweetGIF New research found that #OnlineFraud was most likely to cost individuals between £101 and £500. Learn more about #DarkWeb #Fraud with @ClearScore’s new Darkpaper. TweetGIF More than half (55%) of people are more concerned about online scams and identity theft because of the #COVID-19 pandemic. Check out @ClearScore’s #DarkWeb #Fraud Darkpaper for more info. TweetGIF
Overview ClearScore’s Darkpaper: The danger of the dark web 2020 examines UK citizens’ understanding of the dark web and online fraud alongside the latest industry insight on these themes. It will also take a look at how COVID-19 has affected online fraud and people’s perceptions of it, before concluding with actionable guidance on how individuals can protect themselves from this growing threat. The purpose of this Darkpaper is to highlight the problem that online fraud poses to the UK’s population and help guide them to a better understanding of online security with the launch of ClearScore Pro- tect. ClearScore Protect is a free dark web monitoring service provided to all ClearScore users, for free. Every three months, ClearScore privately and securely runs a scan of the dark web, monitoring for any stolen passwords associated with your ClearScore-registered email address. You’ll be alerted by email if any of your data is found so that you can take action and secure your accounts against fraudsters. You’ll also get personalised security tips to help protect your identity. For enhanced protection, ClearScore also offers Protect Realtime - a subscription service for just £2.99 a month which monitors the dark web daily for up to three email addresses. ClearScore will scan for names, phone numbers, postcodes and other data that has been compromised in addition to passwords. ClearScore Protect, dark web monitoring, for free, forever. Activate ClearScore Protect here. 5
7 Foreword: statements from Justin Basini, CEO and co-founder of ClearScore; Troy Hunt, founder of Have I been pwned 8—12 Section One: What’s so dark about the dark web? 13—16 Section Two: Fraud on the dark web 17—20 Section Three: A note on COVID-19 21—29 Section Four: How can we protect ourselves? 30-31 Conclusion, Methodology & About ClearScore 32-33 Endnotes What you’ll find in this Darkpaper 6
Forewords “We launched ClearScore in 2015 to help people achieve greater financial well-being by providing credit scores and reports for free, forever. We now serve 9 million people in the UK. A big part of financial well-being is understanding how and where your data is being used, and so we designed ClearScore Protect 18 months ago to help consumers take control of their online presence. I myself have fallen victim to identity theft and have had first-hand experience of how it can an impact a person's financial and mental well-being. On behalf of the team at ClearScore, I hope that ClearScore Protect and the guidance in this Darkpaper will help you steer clear from becoming a victim of online fraud.” — JUSTIN BASINI, CEO & CO-FOUNDER CLEARSCORE “There’s a fundamental lack of cyber security awareness amongst consumers and it’s leading to a great deal of personal distress, both emotional and financial. ClearScore Protect is a great consumer resource, especially given it provides tailored sup- port from a human by way of Protect Realtime. This can make a huge difference to those who’ve just lost money to cybercriminals. Online fraud has been plaguing consumers for years, I hope the launch of Protect helps drive consumer awareness around online safety.” — TROY HUNT, WEB SECURITY EXPERT & CREATOR OF ‘HAVE I BEEN PWNED?’ 7
SECTION 1: What’s so dark about the dark web? EXAMINING PEOPLE’S CONCEPTIONS & MISCONCEPTIONS ABOUT THE DARK WEB WHAT IS THE “DARK WEB”? The Cambridge Dictionary defines the dark web as: Dark web noun (also dark net) “parts of the internet that are encrypted (= use a secret code), and that cannot be found using ordinary search engines, and that are sometimes used for criminal activity.” 1 Dark fact: You may have heard the term “deep web” as well as dark web and assumed they are the same thing, but they’re not. The dark web is actually a small, encrypted (locked up) part of the much larger deep web, which is the 95% of the internet not indexed by web search engines like Google. Content on the deep web includes academic journals, company intranets and even your email account.4 This matches relatively well with the UK population’s general under- standing of the dark web. They may not know how to access it neces- sarily, but popular culture (alongside stock images of people in hoodies in front of computers) means 83% of Brits have heard of the dark web and most (69%) see it as “a hotbed of all sorts of criminal activity”. • The dark web refers to all websites that are only accessible through a TOR network. • TOR stands for “The Onion Router”, so- called because it sends encrypted traffic through layers of relays around the world so as to hide the website, the searcher and their location.2 • In a nutshell, everything on the dark web is there because it wants to be anonymous. • To access the dark web, you have to down- load the TOR browser and you can then surf it either by knowing the web address you want to visit or using a search engine like DuckDuckGo.3 SO...WHAT ACTUALLY IS IT? 8
WHO RUNS THE DARK WEB? More than half of people in the UK think the dark web is run by criminals (52%), but a quarter of the general populace aren’t sure. 52% Criminals 7% A distributed network of volunteers 3% The government 8% All of the above 5% No-one 25% I don’t know 52% 7% 8% 5% 25% 3% 9
WHAT IS THE DARK WEB USED FOR? When we asked our respondents what the dark web is used for, we gave them seven options to pick from (alongside “I don’t know” and “Other”) all of which are in fact correct. Drug dealing Illegal pornography Selling/buying people’s data Weapons dealing Hiring hitmen Whistleblowing Getting discounted Netflix subscriptions I don’t know Other 46% 35% 44% 46% 15% 35% 6% 4% 18% 2% 10
SO...WHAT IS REALLY ON THE DARK WEB? A study from 2015 by Gareth Owen and Nick Savage (both from the University of Portsmouth) on behalf of the Global Commission on Internet Governance collected data on the dark web for six months to analyse the type and popularity of its content. The study shows that while crime (especially drugs) is a big part of the dark web, there is also less insidious content like bitcoin, and its anonymity can be used for good, for example for whistleblowing and activism.5 Dark fact: No one actually runs or owns the dark web. It is known as a decentralised internet which means everyone owns and controls their own data. The invention of the dark web is typically thought to have taken place in the early 2000s, most notably with the release of TOR by the US government, who built it to help their own operatives remain untraceable.6 11
1. The dark web is part of the deep web which can’t be accessed using normal search engines like Google. It uses TOR (The Onion Router) in order to keep visitors and websites anonymous. 2. Despite 52% of Brits believing the dark web is run by criminals, it’s actually run and owned by no-one. 3. The dark web is predominantly used for criminal activity like fraud but is also used for good, like whistleblowing and activism. If you want to learn more about the dark web, check out this blog on the ClearScore website. Key takeaways 12
SECTION 2: Fraud on the dark web WHAT ARE DARK WEB CRIMINALS DOING WITH MY DATA? As we saw in the last section, the third most common kind of content on the dark web is fraud related. But how does this affect people in the UK? HOW MUCH DO UK RESIDENTS CARE ABOUT FRAUD? A separate piece of market research conducted on behalf of Clear- Score in March 2020 found that Brits’ biggest financial concern is saving money, with 23% of the population placing this as their number one money worry. However, the second and third biggest stresses are identity theft and fraud (for example, their credit card information being used against them). HOW BADLY IS THE UK AFFECTED BY ONLINE FRAUD? Our data found that one third (33%) of the UK population admitted to being victims of online fraud. Victims were more likely to be men (53% of whom were affected), aged between 25 and 34 (26% of whom were affected) and live in the South East (15% of whom were affected). Interestingly, wealth has nothing to do with it; there’s only one percentage point difference in the proportion of those typically defined as the middle and working classes who have fallen victim to online fraud. In terms of how much money is stolen from individuals in these cases, 31% of those sur- veyed who had fallen victim to online fraud lost between £101 and £500, 5% lost £1,001 to £2,000 and 3% lost over £2,000. Losing any amount of money to online fraud is incredibly stressful, not only because of the financial im- pact but also because of the time and effort it can take to try to reclaim money. In some cases, people may not be able to get their money back at all which can have a significant emotional and mental toll on individuals and their families. 13
HOW DOES ONLINE FRAUD HAPPEN? The easiest way for criminals to steal your money is to get access to your data, most importantly your financial information i.e. your debit or credit card details. Other data is also valuable, especially passwords which can give criminals access to your financial information, or other details like your date of birth or address which can help fraudsters “prove” your identity. Data gets leaked in what is known as a “data breach”. These can be huge, such as the 2018 breach of Under Armour-owned fitness app MyFitnessPal where 150 million user records were leaked. Or they can be very targeted, using a variety of methods to steal data from one individual.7 The most common causes of data breaches include: • Hacking into a database or system because there are vulnerabilities (holes) in the software protecting it. • Phishing attacks (scam emails that trick people into giving away their data or downloading malware / a virus that breaks into people’s devices and steals their data). • Poor password hygiene i.e. users having easy-to-guess passwords or using the same password across multiple accounts. When you were affected by online fraud how much money (if any) was stolen from you? No money stolen £1 - £100 £191 - £500 £501 - £1,000 £1,001 - £2,000 £2,000 + Prefer not to say 16% 31% 13% 5% 3% 2% 29% 14
z These methods (amongst others) are constantly evolving to catch people out which means that data breaches are very common. To put this into perspective, in 2019, 46% of businesses in the UK suffered a data breach.8 As a result, the 305,000 users who have activated ClearScore Protect found that an average of seven passwords had been stolen and found on the on the dark web. Our study found that people underestimate how common data breaches are, or assume they haven’t been affected because they haven’t suffered (or noticed) repercussions. In fact, only a quarter thought that their data could be for sale on the dark web, with 22% believing their data wasn’t for sale on the dark web and 53% not being sure. Dark facts about online fraud Some information about what cybercriminals are doing with your data on the dark web from Acuris Risk Intelli- gence: • A typical internet user’s entire data worth has been calculated to be £987 to hackers.9 All of your data in one package is referred to as “Fullz” and would allow criminals to act completely as you online, e.g. opening new accounts, changing passwords and transferring money. • But, the amount criminals pay for your data depends on factors like how much data is involved in a package (i.e. is it just your email address, or is there a password and credit card info in there as well) and how much money you have in your bank account. • Passwords are especially precious when they’re “Fresh” meaning they haven’t been exploited before - this is because criminals will assume that your password to one thing will be the same as your pass- words to other things, based on your age, gender etc. “Fresh” passwords can sell for $10 to $100 (£8 to £80). • Once these “Fresh” passwords have been used, criminals will post them on dark web forums for use by anyone in order to cover their own tracks. Acuris picks up between 50 to 100 million of these every day. • Personal information like birth dates are also valuable as criminals can check these against birth registers to get answers to security questions like parents’ names and maiden names. • 99.9% of dark web purchases take place using Bitcoin or similar anonymous cryptocurrencies. 15
1. Identity theft and fraud are some of the UK population’s biggest financial concerns. 2. 33% of the UK population have been victims of fraud. 3. Of our survey respondents, victims of fraud most commonly lost between £101 and £500. 4. The average ClearScore user found they had passwords from seven online accounts leaked onto the dark web. 5. The average person’s full “data worth” to a hacker is £987. Key takeaways 16
SECTION 3: A note on COVID-19 HOW THE CORONAVIRUS HAS IMPACTED FRAUD With this Darkpaper launching in April 2020, the UK (and the wider world) is experiencing significant challenges because of the corona- virus pandemic. Everything has been touched in some way by the virus, including online fraud, with cybercriminals adopting the insidious strategy of exploiting people’s fears about COVID-19 for financial gain. IS THE UK POPULATION NOTICING A DIFFERENCE? UK residents are feeling the impact of this change in online fraud, with more than half (55%) being more concerned about online scams and identity theft than before. Young people aged 18 to 34 in particu- lar are feeling more concerned than before (63%). The majority (61%) also believe the number of online scams and instances of identity theft have increased since the outbreak. Do you feel more, or less, concerned about online scams and identity theft now that more people are working from home because of COVID-19? Do you think the number of online scams and instances of identity theft has changed since the outbreak of COVID-19? 55% 39% 6% 61% 17% 16% 6% 61% 6% 16% 17% I think the number has increased I think the number has decreased I think it’s stayed the same I don’t know 55% 6% 39% More concerned Less concerned About the same 17
A FEW THINGS TO LOOK OUT FOR... Source: Fortinet Coronavirus-themed emails or websites that push you to download an attachment, like this example from a hacker posing as the World Health Organisation. Those who download the attachment will find their device infected with a data-stealing malware (virus).10 WHAT KIND OF COVID-19 RELATED SCAMS ARE OUT THERE? The UK population is right to be concerned. The National Fraud Intelligence Bureau (NFIB) reported that coronavirus-related fraud reports spiked by 400% from mid-February until the end of March, predominantly related to fake sales of face masks, hand sanitisers and other similar protective equipment.11 There has also been an uptick in cybercrime forum activity, with criminals offering dis- counts on COVID-19-related scams and phishing attacks.12 Dark fact: The NFIB reported in April that COVID-related fraud has scammed UK citizens out of £1.6 million since the start of the epidemic.13 18
The variety of scams out there is immense, so it’s wise to always remember the NCA’s advice on how to avoid becoming a victim of fraud. For more information on addressing COVID- 19-related financial concerns, check out ClearScore’s COVID-19 hub. A FEW THINGS TO LOOK OUT FOR... Communications from insurance companies or HMRC that request your bank details or other personal information in exchange for what seems like an amazing offer like a tax rebate. If an offer seems too good to be true, it probably is.14 Stop: Taking a moment to stop and think before parting with your money or information could keep you safe. Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or cause you to feel panicked. Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.15 Source: HMRC 19
1. Over half of the UK population is more concerned about online scams and identity theft because of COVID-19 and the majority believe scams have increased since the outbreak. 2. These fears have been confirmed by the NFIB, with reports claim- ing that fraud has spiked by 400%, costing individuals £1.6 million since the start of the epidemic. 3. There are a variety of very creative scams out there, so it’s important to be very vigilant when clicking on or download- ing anything online or giving away any personal information. Key takeaways 20
SECTION 4: How can you protect yourself? WHAT WOULD YOU DO IF YOU FOUND OUT YOUR PASS- WORD WAS FOR SALE ON THE DARK WEB? As this Darkpaper has illustrated, your passwords should be seen as codes to a safety deposit box that contains all of your wealth and potentially other precious information such as medical details and your address. This section illustrates that people in the UK have relatively good pass- word habits, but this may be breeding complacency. As we showcased in Section 2, it is worrying that only 25% of people think their data is for sale on the dark web when the average person who used Clear- Score Protect found passwords from seven online accounts were available on the dark web. What would you do if you found out your data was on the dark web? 43% 33% 3% 3% 1% 16% 1% Call the police Post on social media asking for help I wouldn’t do anything Change all of my passwords Get rid of all of my technology I don’t know Other If you find out your password has been leaked onto the dark web, change all of your pass- words right away. 21
WHAT IS CLEARSCORE PROTECT? ClearScore Protect is a free dark web monitoring service provided to all ClearScore users, for free. Every three months, ClearScore privately and securely runs a scan of the dark web, monitoring for any stolen passwords associated with your ClearScore-registered email address. You’ll be alerted by email if any of your data is found so that you can take action and secure your accounts against fraudsters. You’ll also get personalised security tips to help protect your identity. For enhanced identity protection, ClearScore also offers Protect Realtime - a subscription service for just £2.99 a month, which moni- tors the dark web daily for up to three of your email addresses. Clear- Score will scan for names, phone numbers, postcodes and other data that has been compromised in addition to passwords. ClearScore Protect, dark web monitoring, for free, forever. You can find out more about ClearScore Protect here. 22
WHAT DO I DO IF IT’S TOO LATE AND I’VE ALREADY BECOME A VICTIM OF FRAUD? Contact your bank and lenders First, let them know what’s happened. After they’ve completed their fraud investigations and confirmed the transactions to be fraudulent, they may be able to refund your money. Contant Action Fraud Action Fraud is the UK’s national reporting centre for fraud and cyber- crime. You can file a report online or talk to their specialists by calling 0300 123 2040. They’ll provide you with assistance on next steps. Contact Cifas - the leaders in fraud prevention Cifas offers a ‘Protective Registration’ service which places a warning on your credit report, alongside your personal details. This will be visible to banks and lenders when you’re applying for a product or service. When banks or lenders see this warning, they’ll use extra security meas- ures to ensure that the application is actually from you, not someone pretending to be you. Contact Victim Support Victim Support is an independent charity that helps anyone affected by crime. They provide free and confidential support 24-hours-a-day, whether you’ve reported the crime to the police or not. Subscribe to Protect Realtime For £2.99 a month, Protect Realtime sweeps the dark web daily to check if any information associated with up to three of your email address has been compromised. It also gives users tailored support if any data is uncovered on the dark web or if they unfortunately be- come victims of fraud. Monitor your ClearScore report Your ClearScore credit report is generated once a month, but with ClearScore’s Alerts feature, you’ll receive updates if there are any upcoming changes to your next credit report. Keep an eye on these updates. If you don’t recognise these changes, or any other informa- tion on your credit report, you can dispute this directly with Equifax, our partner credit reference agency. 1. 4. 2. 5. 3. 6. 23
ARE THE UK’S PASSWORD HABITS GOOD ENOUGH? Make your passwords as complicated as possible We asked the UK population a few questions to determine the average complexity of their passwords. Starting with a positive note, only 17% of people have used the phrase ‘password’ or numerical sequence ‘123’ in a password and 73% don’t include any personal information in their passwords (for example, their birthday, children’s names or address). Have you ever included the phrase ‘password’ or number sequence ‘123’ in a password? 1. 83% 17%17% Yes 83% No THERE ARE THREE GOLDEN RULES TO REMEMBER WHEN IT COMES TO PASSWORDS: • Make your passwords as hard to guess as possible. • Never use the same password twice. • Get a password manager (for example 1Password) to help you remember your passwords. 24
Do your passwords include any of your personal information e.g. your birthday, child’s name/birthday, your address, sports team, partner’s or family member’s name? Of the 27% of people that do include personal information in their passwords, including a birthday or birth date was most common with 41% admitting to doing so. Which of the following data have you included in your passwords? Dark fact: Young people are the worst offenders when it comes to having simplistic passwords, possibly because they’re more complacent having grown up with the internet. A third (32%) of 18 - 24 year olds have included ‘password’ or ‘123’ in a password and 40% use personal information in their password. So… what’s the secret to a really complicated password? • Never use obvious things like “password” or “123” or “qwerty”. • Don’t include personal information - this could easily be found with a simple trawl through your social media accounts. • Think long - passwords should be fifteen characters or more. • Use a mix of uppercase and lowercase letters, numbers and symbols. • Try adding three words together like ‘FishSeventeen- Sky’ to make a strong password. • Use a random password generator - 1Password (a password manager available at a discounted price when you download ClearScore Protect). 73% 27%27% Yes 73% No Birthday/birth date Child’s name Pet’s name Spouse or partner’s name Mother’s maiden name Sports team Anniversary Address/part of address Other 41% 34% 27% 5% 12% 12% 15% 16% 17% 25
Never use the same password twice Everyone should have a different password for every account they have online. It’s very reassuring that over half (53%) of people surveyed said they use a different password for every online service they use, with 29% of people having five to ten pass- words and 17% having 11 or more. However, it’s worrying that just over a third of people in the UK (37%) have just two to three passwords which they rotate be- tween accounts. This is better than the 5% who have only one password they use for everything, but it is still not safe enough to provide protection from fraud. People are most likely to reuse the pass- word they use for their personal email accounts (19%) and social media networks (18%). How many different passwords do you have for all of your online accounts and apps (incl. email, Uber, online banking, Spotify, Netflix, etc)? For any of the following services, do you use the same password that you use for another service? 2. 5% 37% 29% 17% 6% 6% 5% 1 password (I use the same password for everything) 37% 2-3 passwords (I rotate 2-3 passwords I can remember) 29% 5-10 passwords 17% 11+ passwords 6% I don’t know 6% I’m not sure how many passwords I have because I use a password manager Health services Work services Personal devices Personal email accounts Smart home devices Gaming apps Banking None of the above/ I always use a different password Government services Work email accounts Social media networks Other 4% 4% 5% 5% 9% 9% 10% 11% 18% 19% 53% 1% 26
OTHER THAN GREAT PASSWORD HYGIENE, WHAT ELSE CAN I DO TO PROTECT MYSELF AGAINST FRAUD? Keep your social media private: A hacker only needs three pieces of information to steal your identity - your name, address and date of birth. Once they have this, they can buy fake ID documents using your details. They can also use informa- tion you post on social media to guess your passwords. So be wary of oversharing online, and never put your birthday or address on your social media accounts. Check your bank statements: Don’t underestimate the importance of checking your bank state- ments regularly, and if you spot any suspicious transactions, report them to your bank or credit card provider immediately. Enable two-factor authentication on your important accounts: If your account is only protected by a password, it’s at risk of being hacked. Two-factor authentication adds another layer of protection by asking you to re-confirm your identity using something other than a password. This could be a text to your phone, or an authentication app. Two-factor authentication is a must for your email, banking, social, PayPal, ClearScore and password manager accounts. Dark fact: Only 23% of UK residents use a password manager, with 17% saying they’ve never even heard of password managers. It may seem like a lot of admin having a different pass- word for everything… but that’s what password managers have been invented for. With password managers, you only need to remember one password to unlock all of your accounts (so it’s worth making it really complex) and the manager locks away and remembers the rest of your passwords in a digital vault. Through ClearScore Protect you can get a discount on 1Password, a password manager with options for families and businesses which even tells you if services you have accounts with have suffered a data breach, or if they have a two-factor authentication option that you should be using. 1. 2. 3. Source: 1Password 27
Be wary when opening emails or answering phone calls: Be vigilant of what lands in your inbox - if you’re even a little unsure about something, don’t reply or click on any links in the email. If the sender is pretending to be a real company, search for that company’s details and get in touch with them this way, rather than replying to the email. The same goes for phone calls. Sometimes a scammer will use the information they’ve stolen from you to make the phone call or email seem more legitimate, for example by stating your full name and address. Make sure your mail gets to you: If you’re moving house, make sure you redirect your mail to your new address so it doesn’t fall into the wrong hands. You can set up your re- direction online, or visit your local Post Office branch. You should also consider locking your mailbox if someone could get access to it. Shred your documents: It’s best practice to shred your utility bills, bank statements, and any other documents with personally identifiable information on them before you recycle them. While you might not think anyone has time to go through your bins, you’d be surprised at the lengths criminals are willing to go to to steal your money. Check your credit score and report regularly: With ClearScore’s Alerts feature, you’ll receive regular updates based on changes on your Equifax credit report. Keep an eye on any updates to spot suspicious activity early and take action quickly. 4. 5. 6. 7. 28
1. Visit ClearScore Protect to find out if your passwords are for sale on the dark web. 2. If you find your passwords are for sale on the dark web, change all your passwords right away. 3. If you become a victim of fraud, contact your bank and lenders, Action Fraud, Cifas and Victim Support for help - also keep on eye on your ClearScore report to catch suspicious activity early. 4. The UK population is good at making complex passwords, with only 17% using the phrase ‘password’ or numerical sequence ‘123’ in their password and 73% of people not including personal info in their passwords. 5. People in the UK also seem to largely adhere to the advice that it’s wise to have one password for every online account, with 46% of those surveyed having five or more passwords. 6. Password managers are your friend. Only 23% of Brits use a pass- word manager but these are invaluable tools to help ensure your password hygiene is tip-top. Key takeaways 1. 29
Conclusion THANK YOU FOR READING ClearScore’s first ever Darkpaper covered a lot of ground. It started off by diving into people’s conceptions and misconceptions about the dark web, before setting the record straight with the truth. The Darkpaper then looked into the state of online fraud in 2020 and what that has to do with the dark web, namely that it is used as a market- place to sell people’s data and steal their identities. It was here that it un- veiled the frightening statistic that a third of the UK population has fallen victim to online fraud. Then it explored the impact COVID-19 has had on the online fraud landscape, notably that it has generated a vast array of coronavirus-related scams looking to exploit people’s fears, already robbing UK residents of £1.6 million In the final part of the Darkpaper, the focus was on how individuals can protect themselves. This included information about ClearScore Protect, the new dark web monitoring service, which detects whether your passwords are located on the dark web so you can be proactive about changing all your passwords, helping to prevent online fraud. From the team at ClearScore, we hope you finish reading this feeling empowered to share your knowledge so that more people know how to take precautions and protect themselves against online fraud. With this in mind, see the checklist of measures that readers of this Darkpaper can take to protect themselves against online scams. Ǩ Get a ClearScore account - with the ClearScore Alerts fea- ture you’ll receive regular updates based on daily changes on your Equifax credit report meaning you can take action quickly if you detect any suspicious activity. You can get started here. Ǩ Get ClearScore Protect - once you have a ClearScore account you can activate ClearScore Protect, which will notify you if any passwords associated with your email address are on the dark web so you can proactively change all your passwords and avoid becoming a victim of fraud. Find out more here. Ǩ Change up all your passwords - ensure they are as compli- cated as possible. That means no “password”, “123” or any personal information. Ǩ Create one password for every online account - keep track of your passwords with a password manager like 1Password which is available at a discounted price if you download ClearScore Protect. Ǩ Set all your social media sites to private - stop criminals from trawling them for personal information about you. Ǩ Set a reminder to check your bank statements regularly Flag any unusual activity with your bank. Ǩ Get a lock for your mailbox - the only person who should have access to your mail is you. Ǩ Buy a shredder - and destroy all documents that have any personal information on them before you recycle them. ONLINE FRAUD PROTECTION CHECKLIST 30
ABOUT CLEARSCORE ClearScore is the UK’s number one free credit score and financial product marketplace. Founded in 2015 with the mission to help users take control of their financial health, ClearScore is the industry leader in giving everybody access to their credit score and report for free, forever. Winners of prestigious awards such as the Queens Award for Enter- prise and featuring on The Sunday Times Best Companies to Work For list, ClearScore combines a team of industry experts, sophisticated algorithms and clever tech with a trustworthy brand. The result is a beautiful product that delivers an experience that is clear, calm and easy to understand. ClearScore uses data every step of the way to ensure that users see the most relevant financial products for them, giving them the tools to manage their finances in a way that suits them. With over 9 million UK users, and a further 2 million worldwide, Clear- Score constantly innovates to help their users on a journey to greater financial wellbeing. Co-founded by CEO, Justin Basini, ClearScore is based in London and is supported by investment from QED Investors, Blenheim Chalcot and Lead Edge Capital. CONTACTS If you have any questions about this Darkpaper and its contents, or would like to find out more about ClearScore or ClearScore Protect, please contact: Alice Spraggon or Mary Taylor at clearscore@clarity.com. METHODOLOGY Proprietary data comes from three sources in this Darkpaper. The majority of the data was produced from ClearScore’s nationally representative survey with research agency Vitreous World, looking at the attitudes of 3,000 UK consumers in April 2020 around their under- standing and experiences of the dark web, online fraud and password safety. Data was collected via an online survey with a margin of error of +/- 1.8%. Data on financial concerns and basic understanding of the dark web was sourced from a nationally representative Medialab YouGov survey of 2,026 UK consumers. Total sample size was 2,026 adults. Fieldwork was undertak- en between 7th - 10th February 2020. The survey was carried out online. The figures have been weighted and are representative of all GB adults (aged 18+). Data on the average number of account passwords stolen and made available on the dark web was sourced directly from ClearScore Protect’s early user base of 305,000 people. 31
Endnotes 1 Cambridge University Press, ‘Meaning of dark web in English’, The Cambridge Dictionary[web article], 2020, https://dictionary.cam- bridge.org/dictionary/english/dark-web, (accessed 15 April 2020). 2 Marshall, C; Vukcevic, A., ‘What is the dark web? How safe is it and how to access it? Your questions answered’, Techradar [web article], 11 June 2019, https://www.techradar.com/uk/news/what-is- the-dark-web-how-safe-is-it-and-how-to-access-it-your-questions- answered, (accessed 15 April 2020). 3 Shim, T., ‘How to access the Dark Web: Browsing Dark Web, TOR Browser, and .Onion Websites’, Web Hosting Secret Revealed [web article], 30 March, 2020, https://www.webhostingsecretre- vealed.net/blog/web-tools/tourist-guide-to-dark-web-accessing- the-dark-web-tor-browser-and-onion-websites/, (accessed 15 April 2020). 4 Pagliery, J., ‘The Deep Web you don’t know about’, CNN [web article], 10 March, 2014, https://money.cnn.com/2014/03/10/tech- nology/deep-web/index.html, (accessed 15 April 2020). 5 Owen, G., Savage, N., ‘ The Tor Dark Net’, The Global Commis- sion on Internet Governance, Ontario, Canada and Chatham House (The Royal Institute of International Affairs), London, England, 2015, https://www.cigionline.org/sites/default/files/no20_0.pdf, accessed 15 April 2020. 6 Butler, S., ‘Dark Web History: Where Did It Come From?’, Technadu [Web Article], 23 December 2018, https://www.technadu. com/dark-web-history/52017/, (accessed 15 April 2020). 7 Aiello, C, ‘Under Armour says data breach affected about 150 million MyFitnessPal accounts’, CNBC [webarticle], 29 March, 2018, https://www.cnbc.com/2018/03/29/under-armour-stock-falls-af- ter-company-admits-data-breach.html (accessed 23 April 2020). 8 ​MacRae, D., ‘75% of Large Businesses Suffered Security Breaches in 2019’, Digit[Online Article], 27 March 2020, https://digit. fyi/75-of-large-businesses-suffered-security-breaches-in-2019/, accessed 15 April 2020. 9 ​Mansfield, J., ‘How much is your data worth on the dark web?’, SC Media[Online Article], 24 January 2020, https://www.scmaga- zineuk.com/data-worth-dark-web/article/1668693, accessed 16 April 2020. 10 Townsend, M., ‘Fraudsters exploiting Covid-19 fears have scammed £1.6m’, The Guardian [Online Article], 4 April 2020, https:// www.theguardian.com/world/2020/apr/04/fraudsters-exploiting- covid-19-fears-have-scammed-16m, accessed 16 April 2020. 32
11 Corfield, G., ‘Online face mask sales scams, 400% uptick of coronavirus phishing reports: Brit cops’ workload shifts online along with the nation’s’, The Register[Online Article], 20 March 2020, https://www.theregister.co.uk/2020/03/20/coronavirus_scam_re- ports_police_up_400pc/, accessed 16 April 2020. 12 ​Ibid. 13 ​​Townsend, M., ‘Fraudsters exploiting Covid-19 fears have scammed £1.6m’, The Guardian [Online Article], 4 April 2020, https:// www.theguardian.com/world/2020/apr/04/fraudsters-exploiting- covid-19-fears-have-scammed-16m, accessed 16 April 2020. 14 ​HMRC, ‘Guidance: Examples of HMRC related phishing emails and bogus contact’, gov.uk [Online Article], 27 March 2020, https:// www.gov.uk/government/publications/phishing-and-bogus-emails- hm-revenue-and-customs-examples/phishing-emails-and-bogus- contact-hm-revenue-and-customs-examples, accessed 16 April 2020. 15 NCA, ‘Beware fraud and scams during Covid-19 pandem- ic fraud’, National Crime Agency [Online Article], 26 March 2020, https://nationalcrimeagency.gov.uk/news/fraud-scams-covid19, accessed 16 April 2020. 33

Recommended

2600 v25 n1 (spring 2008)
2600 v25 n1 (spring 2008)2600 v25 n1 (spring 2008)
2600 v25 n1 (spring 2008)Felipe Prado
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
Paranoia or risk management 2013
Paranoia or risk management 2013Paranoia or risk management 2013
Paranoia or risk management 2013Henrik Kramshøj
 
Tor talk-prosa-screen
Tor talk-prosa-screenTor talk-prosa-screen
Tor talk-prosa-screenHenrik Kramshøj
 
Cybersecurity winter is not coming…
Cybersecurity winter is not coming…Cybersecurity winter is not coming…
Cybersecurity winter is not coming…ITrust - Cybersecurity as a Service
 
Global Commision on Internet Governance
Global Commision on Internet GovernanceGlobal Commision on Internet Governance
Global Commision on Internet GovernanceDominic A Ienco
 
2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats ReportMcafeeCareers
 

Recommended

2600 v25 n1 (spring 2008)
2600 v25 n1 (spring 2008)2600 v25 n1 (spring 2008)
2600 v25 n1 (spring 2008)Felipe Prado
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
Paranoia or risk management 2013
Paranoia or risk management 2013Paranoia or risk management 2013
Paranoia or risk management 2013Henrik Kramshøj
 
Tor talk-prosa-screen
Tor talk-prosa-screenTor talk-prosa-screen
Tor talk-prosa-screenHenrik Kramshøj
 
Cybersecurity winter is not coming…
Cybersecurity winter is not coming…Cybersecurity winter is not coming…
Cybersecurity winter is not coming…ITrust - Cybersecurity as a Service
 
Global Commision on Internet Governance
Global Commision on Internet GovernanceGlobal Commision on Internet Governance
Global Commision on Internet GovernanceDominic A Ienco
 
2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats ReportMcafeeCareers
 
Introduction to Hacktivism
Introduction to HacktivismIntroduction to Hacktivism
Introduction to HacktivismPhil Huggins FBCS CITP
 
Online Privacy: How to Protect Your Activity and Communications
Online Privacy: How to Protect Your Activity and CommunicationsOnline Privacy: How to Protect Your Activity and Communications
Online Privacy: How to Protect Your Activity and CommunicationsStephanie Wilkinson - Full Stack Developer
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
privtechsomeassemb
privtechsomeassembprivtechsomeassemb
privtechsomeassembJonathan Alley
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) WebJeroen Baert
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics Deepak Kumar (D3)
 
2600 v24 n4 (winter 2007)
2600 v24 n4 (winter 2007)2600 v24 n4 (winter 2007)
2600 v24 n4 (winter 2007)Felipe Prado
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"CloudCamp Chicago
 
Privacy is for losers 2016
Privacy is for losers 2016Privacy is for losers 2016
Privacy is for losers 2016Cain Ransbottyn
 
ISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisLars Hilse Global Thought Leader in #CyberSecurity, #CyberTerrorism, #CyberDefence, #CyberCrime
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityKeshavBhardwaj19
 
2600 v08 n2 (summer 1991)
2600 v08 n2 (summer 1991)2600 v08 n2 (summer 1991)
2600 v08 n2 (summer 1991)Felipe Prado
 
Uk Cyber Security Survey 2019
Uk Cyber Security Survey 2019Uk Cyber Security Survey 2019
Uk Cyber Security Survey 2019Ipsos UK
 
From Convicts to Pirates: Illegal Downloading in Australia
From Convicts to Pirates: Illegal Downloading in Australia From Convicts to Pirates: Illegal Downloading in Australia
From Convicts to Pirates: Illegal Downloading in Australia Ebony Crump
 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Bangladesh Network Operators Group
 
Data on a leash
Data on a leashData on a leash
Data on a leashSherry Jones
 
International-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxInternational-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxchrixymae
 
Darknet
DarknetDarknet
DarknetBijayKumarSingh11
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimesrinushalu
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetPaul Elliott
 

More Related Content

What's hot

Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) WebJeroen Baert
 
2600 v24 n4 (winter 2007)
2600 v24 n4 (winter 2007)2600 v24 n4 (winter 2007)
2600 v24 n4 (winter 2007)Felipe Prado
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"CloudCamp Chicago
 
Privacy is for losers 2016
Privacy is for losers 2016Privacy is for losers 2016
Privacy is for losers 2016Cain Ransbottyn
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityAbhimanyu Singh
 
2600 v08 n2 (summer 1991)
2600 v08 n2 (summer 1991)2600 v08 n2 (summer 1991)
2600 v08 n2 (summer 1991)Felipe Prado
 
Uk Cyber Security Survey 2019
Uk Cyber Security Survey 2019Uk Cyber Security Survey 2019
Uk Cyber Security Survey 2019Ipsos UK
 
From Convicts to Pirates: Illegal Downloading in Australia
From Convicts to Pirates: Illegal Downloading in Australia From Convicts to Pirates: Illegal Downloading in Australia
From Convicts to Pirates: Illegal Downloading in Australia Ebony Crump
 

What's hot (18)

Introduction to Hacktivism
Introduction to HacktivismIntroduction to Hacktivism
Introduction to Hacktivism
 
Online Privacy: How to Protect Your Activity and Communications
Online Privacy: How to Protect Your Activity and CommunicationsOnline Privacy: How to Protect Your Activity and Communications
Online Privacy: How to Protect Your Activity and Communications
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 
privtechsomeassemb
privtechsomeassembprivtechsomeassemb
privtechsomeassemb
 
Why We Need a Dark(er) Web
Why We Need a Dark(er) WebWhy We Need a Dark(er) Web
Why We Need a Dark(er) Web
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics
 
2600 v24 n4 (winter 2007)
2600 v24 n4 (winter 2007)2600 v24 n4 (winter 2007)
2600 v24 n4 (winter 2007)
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
 
Privacy is for losers 2016
Privacy is for losers 2016Privacy is for losers 2016
Privacy is for losers 2016
 
ISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism AnalysisISIS Cyber Terrorism Analysis
ISIS Cyber Terrorism Analysis
 
The Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet AnonymityThe Deep Web, TOR Network and Internet Anonymity
The Deep Web, TOR Network and Internet Anonymity
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
2600 v08 n2 (summer 1991)
2600 v08 n2 (summer 1991)2600 v08 n2 (summer 1991)
2600 v08 n2 (summer 1991)
 
Uk Cyber Security Survey 2019
Uk Cyber Security Survey 2019Uk Cyber Security Survey 2019
Uk Cyber Security Survey 2019
 
From Convicts to Pirates: Illegal Downloading in Australia
From Convicts to Pirates: Illegal Downloading in Australia From Convicts to Pirates: Illegal Downloading in Australia
From Convicts to Pirates: Illegal Downloading in Australia
 
Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet? Darknet - Is this the future of Internet?
Darknet - Is this the future of Internet?
 
Data on a leash
Data on a leashData on a leash
Data on a leash
 

Similar to ClearScore Darkpaper reveals dangers of dark web and online fraud

International-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxInternational-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxchrixymae
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimesrinushalu
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetPaul Elliott
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
Dark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeDark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeOllieShoresna
 
DarkNet_article_wn17
DarkNet_article_wn17DarkNet_article_wn17
DarkNet_article_wn17Ed Alcantara
 
DarkNet_article_wn17
DarkNet_article_wn17DarkNet_article_wn17
DarkNet_article_wn17Ed Alcantara
 
What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?FarjanaMitu3
 
Dark Net
Dark NetDark Net
Dark NetRiya V
 
1Running head CYBERPHOBIA3CYBERPHOBIA.docx
1Running head CYBERPHOBIA3CYBERPHOBIA.docx1Running head CYBERPHOBIA3CYBERPHOBIA.docx
1Running head CYBERPHOBIA3CYBERPHOBIA.docxRAJU852744
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxGeetha982072
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityMuhammad Hamza
 
Privacy reconsidered
Privacy reconsideredPrivacy reconsidered
Privacy reconsideredBrian Rowe
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 
Cyber CrimeAs Internet usage is growing daily the world is coming.pdf
Cyber CrimeAs Internet usage is growing daily the world is coming.pdfCyber CrimeAs Internet usage is growing daily the world is coming.pdf
Cyber CrimeAs Internet usage is growing daily the world is coming.pdfvichu19891
 
The house believes that internet acces is a human right
The house believes that internet acces is a human rightThe house believes that internet acces is a human right
The house believes that internet acces is a human rightAgustina
 

Similar to ClearScore Darkpaper reveals dangers of dark web and online fraud (20)

International-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptxInternational-Dimensions-of-Cybercrime (1).pptx
International-Dimensions-of-Cybercrime (1).pptx
 
Darknet
DarknetDarknet
Darknet
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimes
 
DCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_NetDCB1309 - F2_Dark_Net
DCB1309 - F2_Dark_Net
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?
 
Dark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic SeDark Web Kristin Finklea Specialist in Domestic Se
Dark Web Kristin Finklea Specialist in Domestic Se
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
DarkNet_article_wn17
DarkNet_article_wn17DarkNet_article_wn17
DarkNet_article_wn17
 
DarkNet_article_wn17
DarkNet_article_wn17DarkNet_article_wn17
DarkNet_article_wn17
 
What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?What are cybercrimes? How cybercrime works?
What are cybercrimes? How cybercrime works?
 
Deep web
Deep webDeep web
Deep web
 
Dark Net
Dark NetDark Net
Dark Net
 
1Running head CYBERPHOBIA3CYBERPHOBIA.docx
1Running head CYBERPHOBIA3CYBERPHOBIA.docx1Running head CYBERPHOBIA3CYBERPHOBIA.docx
1Running head CYBERPHOBIA3CYBERPHOBIA.docx
 
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptxdarkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
darkwebbbvxvbjvccjjbvcgjnbvvvbnhc nmk.pptx
 
Cyber Crime Essays
Cyber Crime EssaysCyber Crime Essays
Cyber Crime Essays
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Privacy reconsidered
Privacy reconsideredPrivacy reconsidered
Privacy reconsidered
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar Report
 
Cyber CrimeAs Internet usage is growing daily the world is coming.pdf
Cyber CrimeAs Internet usage is growing daily the world is coming.pdfCyber CrimeAs Internet usage is growing daily the world is coming.pdf
Cyber CrimeAs Internet usage is growing daily the world is coming.pdf
 
The house believes that internet acces is a human right
The house believes that internet acces is a human rightThe house believes that internet acces is a human right
The house believes that internet acces is a human right
 

Recently uploaded

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

ClearScore Darkpaper reveals dangers of dark web and online fraud

  • 1. The ClearScore Darkpaper THE DANGER OF THE DARK WEB 2020 Shining a light on the data being sold on the dark web and how we can protect ourselves.
  • 2. Key Findings SHORT ON TIME? HERE ARE THE KEY OUTTAKES MOST UK RESIDENTS HAVE A DECENT UNDERSTANDING OF THE DARK WEB. 2 People in the UK think the #DarkWeb is used for illegal pornography (46%), drug dealing (46%) and buying/selling people’s #data (44%). Get @ClearScore Protect to see if your #passwords have been stolen. TweetGIF A quarter of UK residents think some of their data could be for sale on the #DarkWeb, although over 55s are most likely not to know (53%). Find out if your #passwords have been stolen with @ClearScore Protect. TweetGIF If people found out their #data was for sale on the #DarkWeb they’d either change all their #passwords (43%) or call the police (33%). Check out if your passwords have been stolen with @ClearScore Protect. TweetGIF Half of people (52%) think the #DarkWeb is run by cybercriminals, although a quarter don’t know who is behind it. Read @Clear- Score’s Dark Web #Fraud Darkpaper for the truth. TweetGIF
  • 3. PASSWORD HABITS NEED SIGNIFICANT IMPROVEMENT. 3 People in the UK are most likely to only rotate two to three #passwords for their online accounts - although nearly a third (29%) have five to ten passwords. Improve your password hygiene with @ClearScore Protect. TweetGIF A third (32%) of #GenZ (18 to 24 year olds) have used ‘password’ or ‘123’ in a #password - this jumps down to 17% for the whole pop- ulation. Learn how to make a super secure password with @ClearScore’s #DarkWeb #Fraud Darkpaper. TweetGIF 41% of people include a birthday in their #password, 34% a child’s name and 27% a pet’s name. Change your stolen passwords to something more secure with @Clear- Score Protect. TweetGIF
  • 4. ONLINE FRAUD REMAINS A HUGE PROBLEM IN THE UK. 4 A third (33%) of people in the UK have been victims of #OnlineFraud. Find out more in @ClearScore’s #DarkWeb #Fraud Darkpaper. TweetGIF Around half of #Millennials aged 25 to 34 (48%) and 42% of people who live in London have been victims of #OnlineFraud. Learn more about #DarkWeb #Fraud with @ClearScore’s new Darkpaper. TweetGIF Banking details were compromised in 58% of #OnlineFraud cases in the UK. Find out more in @ClearScore’s Dark Web #Fraud Darkpaper. TweetGIF New research found that #OnlineFraud was most likely to cost individuals between £101 and £500. Learn more about #DarkWeb #Fraud with @ClearScore’s new Darkpaper. TweetGIF More than half (55%) of people are more concerned about online scams and identity theft because of the #COVID-19 pandemic. Check out @ClearScore’s #DarkWeb #Fraud Darkpaper for more info. TweetGIF
  • 5. Overview ClearScore’s Darkpaper: The danger of the dark web 2020 examines UK citizens’ understanding of the dark web and online fraud alongside the latest industry insight on these themes. It will also take a look at how COVID-19 has affected online fraud and people’s perceptions of it, before concluding with actionable guidance on how individuals can protect themselves from this growing threat. The purpose of this Darkpaper is to highlight the problem that online fraud poses to the UK’s population and help guide them to a better understanding of online security with the launch of ClearScore Pro- tect. ClearScore Protect is a free dark web monitoring service provided to all ClearScore users, for free. Every three months, ClearScore privately and securely runs a scan of the dark web, monitoring for any stolen passwords associated with your ClearScore-registered email address. You’ll be alerted by email if any of your data is found so that you can take action and secure your accounts against fraudsters. You’ll also get personalised security tips to help protect your identity. For enhanced protection, ClearScore also offers Protect Realtime - a subscription service for just £2.99 a month which monitors the dark web daily for up to three email addresses. ClearScore will scan for names, phone numbers, postcodes and other data that has been compromised in addition to passwords. ClearScore Protect, dark web monitoring, for free, forever. Activate ClearScore Protect here. 5
  • 6. 7 Foreword: statements from Justin Basini, CEO and co-founder of ClearScore; Troy Hunt, founder of Have I been pwned 8—12 Section One: What’s so dark about the dark web? 13—16 Section Two: Fraud on the dark web 17—20 Section Three: A note on COVID-19 21—29 Section Four: How can we protect ourselves? 30-31 Conclusion, Methodology & About ClearScore 32-33 Endnotes What you’ll find in this Darkpaper 6
  • 7. Forewords “We launched ClearScore in 2015 to help people achieve greater financial well-being by providing credit scores and reports for free, forever. We now serve 9 million people in the UK. A big part of financial well-being is understanding how and where your data is being used, and so we designed ClearScore Protect 18 months ago to help consumers take control of their online presence. I myself have fallen victim to identity theft and have had first-hand experience of how it can an impact a person's financial and mental well-being. On behalf of the team at ClearScore, I hope that ClearScore Protect and the guidance in this Darkpaper will help you steer clear from becoming a victim of online fraud.” — JUSTIN BASINI, CEO & CO-FOUNDER CLEARSCORE “There’s a fundamental lack of cyber security awareness amongst consumers and it’s leading to a great deal of personal distress, both emotional and financial. ClearScore Protect is a great consumer resource, especially given it provides tailored sup- port from a human by way of Protect Realtime. This can make a huge difference to those who’ve just lost money to cybercriminals. Online fraud has been plaguing consumers for years, I hope the launch of Protect helps drive consumer awareness around online safety.” — TROY HUNT, WEB SECURITY EXPERT & CREATOR OF ‘HAVE I BEEN PWNED?’ 7
  • 8. SECTION 1: What’s so dark about the dark web? EXAMINING PEOPLE’S CONCEPTIONS & MISCONCEPTIONS ABOUT THE DARK WEB WHAT IS THE “DARK WEB”? The Cambridge Dictionary defines the dark web as: Dark web noun (also dark net) “parts of the internet that are encrypted (= use a secret code), and that cannot be found using ordinary search engines, and that are sometimes used for criminal activity.” 1 Dark fact: You may have heard the term “deep web” as well as dark web and assumed they are the same thing, but they’re not. The dark web is actually a small, encrypted (locked up) part of the much larger deep web, which is the 95% of the internet not indexed by web search engines like Google. Content on the deep web includes academic journals, company intranets and even your email account.4 This matches relatively well with the UK population’s general under- standing of the dark web. They may not know how to access it neces- sarily, but popular culture (alongside stock images of people in hoodies in front of computers) means 83% of Brits have heard of the dark web and most (69%) see it as “a hotbed of all sorts of criminal activity”. • The dark web refers to all websites that are only accessible through a TOR network. • TOR stands for “The Onion Router”, so- called because it sends encrypted traffic through layers of relays around the world so as to hide the website, the searcher and their location.2 • In a nutshell, everything on the dark web is there because it wants to be anonymous. • To access the dark web, you have to down- load the TOR browser and you can then surf it either by knowing the web address you want to visit or using a search engine like DuckDuckGo.3 SO...WHAT ACTUALLY IS IT? 8
  • 9. WHO RUNS THE DARK WEB? More than half of people in the UK think the dark web is run by criminals (52%), but a quarter of the general populace aren’t sure. 52% Criminals 7% A distributed network of volunteers 3% The government 8% All of the above 5% No-one 25% I don’t know 52% 7% 8% 5% 25% 3% 9
  • 10. WHAT IS THE DARK WEB USED FOR? When we asked our respondents what the dark web is used for, we gave them seven options to pick from (alongside “I don’t know” and “Other”) all of which are in fact correct. Drug dealing Illegal pornography Selling/buying people’s data Weapons dealing Hiring hitmen Whistleblowing Getting discounted Netflix subscriptions I don’t know Other 46% 35% 44% 46% 15% 35% 6% 4% 18% 2% 10
  • 11. SO...WHAT IS REALLY ON THE DARK WEB? A study from 2015 by Gareth Owen and Nick Savage (both from the University of Portsmouth) on behalf of the Global Commission on Internet Governance collected data on the dark web for six months to analyse the type and popularity of its content. The study shows that while crime (especially drugs) is a big part of the dark web, there is also less insidious content like bitcoin, and its anonymity can be used for good, for example for whistleblowing and activism.5 Dark fact: No one actually runs or owns the dark web. It is known as a decentralised internet which means everyone owns and controls their own data. The invention of the dark web is typically thought to have taken place in the early 2000s, most notably with the release of TOR by the US government, who built it to help their own operatives remain untraceable.6 11
  • 12. 1. The dark web is part of the deep web which can’t be accessed using normal search engines like Google. It uses TOR (The Onion Router) in order to keep visitors and websites anonymous. 2. Despite 52% of Brits believing the dark web is run by criminals, it’s actually run and owned by no-one. 3. The dark web is predominantly used for criminal activity like fraud but is also used for good, like whistleblowing and activism. If you want to learn more about the dark web, check out this blog on the ClearScore website. Key takeaways 12
  • 13. SECTION 2: Fraud on the dark web WHAT ARE DARK WEB CRIMINALS DOING WITH MY DATA? As we saw in the last section, the third most common kind of content on the dark web is fraud related. But how does this affect people in the UK? HOW MUCH DO UK RESIDENTS CARE ABOUT FRAUD? A separate piece of market research conducted on behalf of Clear- Score in March 2020 found that Brits’ biggest financial concern is saving money, with 23% of the population placing this as their number one money worry. However, the second and third biggest stresses are identity theft and fraud (for example, their credit card information being used against them). HOW BADLY IS THE UK AFFECTED BY ONLINE FRAUD? Our data found that one third (33%) of the UK population admitted to being victims of online fraud. Victims were more likely to be men (53% of whom were affected), aged between 25 and 34 (26% of whom were affected) and live in the South East (15% of whom were affected). Interestingly, wealth has nothing to do with it; there’s only one percentage point difference in the proportion of those typically defined as the middle and working classes who have fallen victim to online fraud. In terms of how much money is stolen from individuals in these cases, 31% of those sur- veyed who had fallen victim to online fraud lost between £101 and £500, 5% lost £1,001 to £2,000 and 3% lost over £2,000. Losing any amount of money to online fraud is incredibly stressful, not only because of the financial im- pact but also because of the time and effort it can take to try to reclaim money. In some cases, people may not be able to get their money back at all which can have a significant emotional and mental toll on individuals and their families. 13
  • 14. HOW DOES ONLINE FRAUD HAPPEN? The easiest way for criminals to steal your money is to get access to your data, most importantly your financial information i.e. your debit or credit card details. Other data is also valuable, especially passwords which can give criminals access to your financial information, or other details like your date of birth or address which can help fraudsters “prove” your identity. Data gets leaked in what is known as a “data breach”. These can be huge, such as the 2018 breach of Under Armour-owned fitness app MyFitnessPal where 150 million user records were leaked. Or they can be very targeted, using a variety of methods to steal data from one individual.7 The most common causes of data breaches include: • Hacking into a database or system because there are vulnerabilities (holes) in the software protecting it. • Phishing attacks (scam emails that trick people into giving away their data or downloading malware / a virus that breaks into people’s devices and steals their data). • Poor password hygiene i.e. users having easy-to-guess passwords or using the same password across multiple accounts. When you were affected by online fraud how much money (if any) was stolen from you? No money stolen £1 - £100 £191 - £500 £501 - £1,000 £1,001 - £2,000 £2,000 + Prefer not to say 16% 31% 13% 5% 3% 2% 29% 14
  • 15. z These methods (amongst others) are constantly evolving to catch people out which means that data breaches are very common. To put this into perspective, in 2019, 46% of businesses in the UK suffered a data breach.8 As a result, the 305,000 users who have activated ClearScore Protect found that an average of seven passwords had been stolen and found on the on the dark web. Our study found that people underestimate how common data breaches are, or assume they haven’t been affected because they haven’t suffered (or noticed) repercussions. In fact, only a quarter thought that their data could be for sale on the dark web, with 22% believing their data wasn’t for sale on the dark web and 53% not being sure. Dark facts about online fraud Some information about what cybercriminals are doing with your data on the dark web from Acuris Risk Intelli- gence: • A typical internet user’s entire data worth has been calculated to be £987 to hackers.9 All of your data in one package is referred to as “Fullz” and would allow criminals to act completely as you online, e.g. opening new accounts, changing passwords and transferring money. • But, the amount criminals pay for your data depends on factors like how much data is involved in a package (i.e. is it just your email address, or is there a password and credit card info in there as well) and how much money you have in your bank account. • Passwords are especially precious when they’re “Fresh” meaning they haven’t been exploited before - this is because criminals will assume that your password to one thing will be the same as your pass- words to other things, based on your age, gender etc. “Fresh” passwords can sell for $10 to $100 (£8 to £80). • Once these “Fresh” passwords have been used, criminals will post them on dark web forums for use by anyone in order to cover their own tracks. Acuris picks up between 50 to 100 million of these every day. • Personal information like birth dates are also valuable as criminals can check these against birth registers to get answers to security questions like parents’ names and maiden names. • 99.9% of dark web purchases take place using Bitcoin or similar anonymous cryptocurrencies. 15
  • 16. 1. Identity theft and fraud are some of the UK population’s biggest financial concerns. 2. 33% of the UK population have been victims of fraud. 3. Of our survey respondents, victims of fraud most commonly lost between £101 and £500. 4. The average ClearScore user found they had passwords from seven online accounts leaked onto the dark web. 5. The average person’s full “data worth” to a hacker is £987. Key takeaways 16
  • 17. SECTION 3: A note on COVID-19 HOW THE CORONAVIRUS HAS IMPACTED FRAUD With this Darkpaper launching in April 2020, the UK (and the wider world) is experiencing significant challenges because of the corona- virus pandemic. Everything has been touched in some way by the virus, including online fraud, with cybercriminals adopting the insidious strategy of exploiting people’s fears about COVID-19 for financial gain. IS THE UK POPULATION NOTICING A DIFFERENCE? UK residents are feeling the impact of this change in online fraud, with more than half (55%) being more concerned about online scams and identity theft than before. Young people aged 18 to 34 in particu- lar are feeling more concerned than before (63%). The majority (61%) also believe the number of online scams and instances of identity theft have increased since the outbreak. Do you feel more, or less, concerned about online scams and identity theft now that more people are working from home because of COVID-19? Do you think the number of online scams and instances of identity theft has changed since the outbreak of COVID-19? 55% 39% 6% 61% 17% 16% 6% 61% 6% 16% 17% I think the number has increased I think the number has decreased I think it’s stayed the same I don’t know 55% 6% 39% More concerned Less concerned About the same 17
  • 18. A FEW THINGS TO LOOK OUT FOR... Source: Fortinet Coronavirus-themed emails or websites that push you to download an attachment, like this example from a hacker posing as the World Health Organisation. Those who download the attachment will find their device infected with a data-stealing malware (virus).10 WHAT KIND OF COVID-19 RELATED SCAMS ARE OUT THERE? The UK population is right to be concerned. The National Fraud Intelligence Bureau (NFIB) reported that coronavirus-related fraud reports spiked by 400% from mid-February until the end of March, predominantly related to fake sales of face masks, hand sanitisers and other similar protective equipment.11 There has also been an uptick in cybercrime forum activity, with criminals offering dis- counts on COVID-19-related scams and phishing attacks.12 Dark fact: The NFIB reported in April that COVID-related fraud has scammed UK citizens out of £1.6 million since the start of the epidemic.13 18
  • 19. The variety of scams out there is immense, so it’s wise to always remember the NCA’s advice on how to avoid becoming a victim of fraud. For more information on addressing COVID- 19-related financial concerns, check out ClearScore’s COVID-19 hub. A FEW THINGS TO LOOK OUT FOR... Communications from insurance companies or HMRC that request your bank details or other personal information in exchange for what seems like an amazing offer like a tax rebate. If an offer seems too good to be true, it probably is.14 Stop: Taking a moment to stop and think before parting with your money or information could keep you safe. Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or cause you to feel panicked. Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.15 Source: HMRC 19
  • 20. 1. Over half of the UK population is more concerned about online scams and identity theft because of COVID-19 and the majority believe scams have increased since the outbreak. 2. These fears have been confirmed by the NFIB, with reports claim- ing that fraud has spiked by 400%, costing individuals £1.6 million since the start of the epidemic. 3. There are a variety of very creative scams out there, so it’s important to be very vigilant when clicking on or download- ing anything online or giving away any personal information. Key takeaways 20
  • 21. SECTION 4: How can you protect yourself? WHAT WOULD YOU DO IF YOU FOUND OUT YOUR PASS- WORD WAS FOR SALE ON THE DARK WEB? As this Darkpaper has illustrated, your passwords should be seen as codes to a safety deposit box that contains all of your wealth and potentially other precious information such as medical details and your address. This section illustrates that people in the UK have relatively good pass- word habits, but this may be breeding complacency. As we showcased in Section 2, it is worrying that only 25% of people think their data is for sale on the dark web when the average person who used Clear- Score Protect found passwords from seven online accounts were available on the dark web. What would you do if you found out your data was on the dark web? 43% 33% 3% 3% 1% 16% 1% Call the police Post on social media asking for help I wouldn’t do anything Change all of my passwords Get rid of all of my technology I don’t know Other If you find out your password has been leaked onto the dark web, change all of your pass- words right away. 21
  • 22. WHAT IS CLEARSCORE PROTECT? ClearScore Protect is a free dark web monitoring service provided to all ClearScore users, for free. Every three months, ClearScore privately and securely runs a scan of the dark web, monitoring for any stolen passwords associated with your ClearScore-registered email address. You’ll be alerted by email if any of your data is found so that you can take action and secure your accounts against fraudsters. You’ll also get personalised security tips to help protect your identity. For enhanced identity protection, ClearScore also offers Protect Realtime - a subscription service for just £2.99 a month, which moni- tors the dark web daily for up to three of your email addresses. Clear- Score will scan for names, phone numbers, postcodes and other data that has been compromised in addition to passwords. ClearScore Protect, dark web monitoring, for free, forever. You can find out more about ClearScore Protect here. 22
  • 23. WHAT DO I DO IF IT’S TOO LATE AND I’VE ALREADY BECOME A VICTIM OF FRAUD? Contact your bank and lenders First, let them know what’s happened. After they’ve completed their fraud investigations and confirmed the transactions to be fraudulent, they may be able to refund your money. Contant Action Fraud Action Fraud is the UK’s national reporting centre for fraud and cyber- crime. You can file a report online or talk to their specialists by calling 0300 123 2040. They’ll provide you with assistance on next steps. Contact Cifas - the leaders in fraud prevention Cifas offers a ‘Protective Registration’ service which places a warning on your credit report, alongside your personal details. This will be visible to banks and lenders when you’re applying for a product or service. When banks or lenders see this warning, they’ll use extra security meas- ures to ensure that the application is actually from you, not someone pretending to be you. Contact Victim Support Victim Support is an independent charity that helps anyone affected by crime. They provide free and confidential support 24-hours-a-day, whether you’ve reported the crime to the police or not. Subscribe to Protect Realtime For £2.99 a month, Protect Realtime sweeps the dark web daily to check if any information associated with up to three of your email address has been compromised. It also gives users tailored support if any data is uncovered on the dark web or if they unfortunately be- come victims of fraud. Monitor your ClearScore report Your ClearScore credit report is generated once a month, but with ClearScore’s Alerts feature, you’ll receive updates if there are any upcoming changes to your next credit report. Keep an eye on these updates. If you don’t recognise these changes, or any other informa- tion on your credit report, you can dispute this directly with Equifax, our partner credit reference agency. 1. 4. 2. 5. 3. 6. 23
  • 24. ARE THE UK’S PASSWORD HABITS GOOD ENOUGH? Make your passwords as complicated as possible We asked the UK population a few questions to determine the average complexity of their passwords. Starting with a positive note, only 17% of people have used the phrase ‘password’ or numerical sequence ‘123’ in a password and 73% don’t include any personal information in their passwords (for example, their birthday, children’s names or address). Have you ever included the phrase ‘password’ or number sequence ‘123’ in a password? 1. 83% 17%17% Yes 83% No THERE ARE THREE GOLDEN RULES TO REMEMBER WHEN IT COMES TO PASSWORDS: • Make your passwords as hard to guess as possible. • Never use the same password twice. • Get a password manager (for example 1Password) to help you remember your passwords. 24
  • 25. Do your passwords include any of your personal information e.g. your birthday, child’s name/birthday, your address, sports team, partner’s or family member’s name? Of the 27% of people that do include personal information in their passwords, including a birthday or birth date was most common with 41% admitting to doing so. Which of the following data have you included in your passwords? Dark fact: Young people are the worst offenders when it comes to having simplistic passwords, possibly because they’re more complacent having grown up with the internet. A third (32%) of 18 - 24 year olds have included ‘password’ or ‘123’ in a password and 40% use personal information in their password. So… what’s the secret to a really complicated password? • Never use obvious things like “password” or “123” or “qwerty”. • Don’t include personal information - this could easily be found with a simple trawl through your social media accounts. • Think long - passwords should be fifteen characters or more. • Use a mix of uppercase and lowercase letters, numbers and symbols. • Try adding three words together like ‘FishSeventeen- Sky’ to make a strong password. • Use a random password generator - 1Password (a password manager available at a discounted price when you download ClearScore Protect). 73% 27%27% Yes 73% No Birthday/birth date Child’s name Pet’s name Spouse or partner’s name Mother’s maiden name Sports team Anniversary Address/part of address Other 41% 34% 27% 5% 12% 12% 15% 16% 17% 25
  • 26. Never use the same password twice Everyone should have a different password for every account they have online. It’s very reassuring that over half (53%) of people surveyed said they use a different password for every online service they use, with 29% of people having five to ten pass- words and 17% having 11 or more. However, it’s worrying that just over a third of people in the UK (37%) have just two to three passwords which they rotate be- tween accounts. This is better than the 5% who have only one password they use for everything, but it is still not safe enough to provide protection from fraud. People are most likely to reuse the pass- word they use for their personal email accounts (19%) and social media networks (18%). How many different passwords do you have for all of your online accounts and apps (incl. email, Uber, online banking, Spotify, Netflix, etc)? For any of the following services, do you use the same password that you use for another service? 2. 5% 37% 29% 17% 6% 6% 5% 1 password (I use the same password for everything) 37% 2-3 passwords (I rotate 2-3 passwords I can remember) 29% 5-10 passwords 17% 11+ passwords 6% I don’t know 6% I’m not sure how many passwords I have because I use a password manager Health services Work services Personal devices Personal email accounts Smart home devices Gaming apps Banking None of the above/ I always use a different password Government services Work email accounts Social media networks Other 4% 4% 5% 5% 9% 9% 10% 11% 18% 19% 53% 1% 26
  • 27. OTHER THAN GREAT PASSWORD HYGIENE, WHAT ELSE CAN I DO TO PROTECT MYSELF AGAINST FRAUD? Keep your social media private: A hacker only needs three pieces of information to steal your identity - your name, address and date of birth. Once they have this, they can buy fake ID documents using your details. They can also use informa- tion you post on social media to guess your passwords. So be wary of oversharing online, and never put your birthday or address on your social media accounts. Check your bank statements: Don’t underestimate the importance of checking your bank state- ments regularly, and if you spot any suspicious transactions, report them to your bank or credit card provider immediately. Enable two-factor authentication on your important accounts: If your account is only protected by a password, it’s at risk of being hacked. Two-factor authentication adds another layer of protection by asking you to re-confirm your identity using something other than a password. This could be a text to your phone, or an authentication app. Two-factor authentication is a must for your email, banking, social, PayPal, ClearScore and password manager accounts. Dark fact: Only 23% of UK residents use a password manager, with 17% saying they’ve never even heard of password managers. It may seem like a lot of admin having a different pass- word for everything… but that’s what password managers have been invented for. With password managers, you only need to remember one password to unlock all of your accounts (so it’s worth making it really complex) and the manager locks away and remembers the rest of your passwords in a digital vault. Through ClearScore Protect you can get a discount on 1Password, a password manager with options for families and businesses which even tells you if services you have accounts with have suffered a data breach, or if they have a two-factor authentication option that you should be using. 1. 2. 3. Source: 1Password 27
  • 28. Be wary when opening emails or answering phone calls: Be vigilant of what lands in your inbox - if you’re even a little unsure about something, don’t reply or click on any links in the email. If the sender is pretending to be a real company, search for that company’s details and get in touch with them this way, rather than replying to the email. The same goes for phone calls. Sometimes a scammer will use the information they’ve stolen from you to make the phone call or email seem more legitimate, for example by stating your full name and address. Make sure your mail gets to you: If you’re moving house, make sure you redirect your mail to your new address so it doesn’t fall into the wrong hands. You can set up your re- direction online, or visit your local Post Office branch. You should also consider locking your mailbox if someone could get access to it. Shred your documents: It’s best practice to shred your utility bills, bank statements, and any other documents with personally identifiable information on them before you recycle them. While you might not think anyone has time to go through your bins, you’d be surprised at the lengths criminals are willing to go to to steal your money. Check your credit score and report regularly: With ClearScore’s Alerts feature, you’ll receive regular updates based on changes on your Equifax credit report. Keep an eye on any updates to spot suspicious activity early and take action quickly. 4. 5. 6. 7. 28
  • 29. 1. Visit ClearScore Protect to find out if your passwords are for sale on the dark web. 2. If you find your passwords are for sale on the dark web, change all your passwords right away. 3. If you become a victim of fraud, contact your bank and lenders, Action Fraud, Cifas and Victim Support for help - also keep on eye on your ClearScore report to catch suspicious activity early. 4. The UK population is good at making complex passwords, with only 17% using the phrase ‘password’ or numerical sequence ‘123’ in their password and 73% of people not including personal info in their passwords. 5. People in the UK also seem to largely adhere to the advice that it’s wise to have one password for every online account, with 46% of those surveyed having five or more passwords. 6. Password managers are your friend. Only 23% of Brits use a pass- word manager but these are invaluable tools to help ensure your password hygiene is tip-top. Key takeaways 1. 29
  • 30. Conclusion THANK YOU FOR READING ClearScore’s first ever Darkpaper covered a lot of ground. It started off by diving into people’s conceptions and misconceptions about the dark web, before setting the record straight with the truth. The Darkpaper then looked into the state of online fraud in 2020 and what that has to do with the dark web, namely that it is used as a market- place to sell people’s data and steal their identities. It was here that it un- veiled the frightening statistic that a third of the UK population has fallen victim to online fraud. Then it explored the impact COVID-19 has had on the online fraud landscape, notably that it has generated a vast array of coronavirus-related scams looking to exploit people’s fears, already robbing UK residents of £1.6 million In the final part of the Darkpaper, the focus was on how individuals can protect themselves. This included information about ClearScore Protect, the new dark web monitoring service, which detects whether your passwords are located on the dark web so you can be proactive about changing all your passwords, helping to prevent online fraud. From the team at ClearScore, we hope you finish reading this feeling empowered to share your knowledge so that more people know how to take precautions and protect themselves against online fraud. With this in mind, see the checklist of measures that readers of this Darkpaper can take to protect themselves against online scams. Ǩ Get a ClearScore account - with the ClearScore Alerts fea- ture you’ll receive regular updates based on daily changes on your Equifax credit report meaning you can take action quickly if you detect any suspicious activity. You can get started here. Ǩ Get ClearScore Protect - once you have a ClearScore account you can activate ClearScore Protect, which will notify you if any passwords associated with your email address are on the dark web so you can proactively change all your passwords and avoid becoming a victim of fraud. Find out more here. Ǩ Change up all your passwords - ensure they are as compli- cated as possible. That means no “password”, “123” or any personal information. Ǩ Create one password for every online account - keep track of your passwords with a password manager like 1Password which is available at a discounted price if you download ClearScore Protect. Ǩ Set all your social media sites to private - stop criminals from trawling them for personal information about you. Ǩ Set a reminder to check your bank statements regularly Flag any unusual activity with your bank. Ǩ Get a lock for your mailbox - the only person who should have access to your mail is you. Ǩ Buy a shredder - and destroy all documents that have any personal information on them before you recycle them. ONLINE FRAUD PROTECTION CHECKLIST 30
  • 31. ABOUT CLEARSCORE ClearScore is the UK’s number one free credit score and financial product marketplace. Founded in 2015 with the mission to help users take control of their financial health, ClearScore is the industry leader in giving everybody access to their credit score and report for free, forever. Winners of prestigious awards such as the Queens Award for Enter- prise and featuring on The Sunday Times Best Companies to Work For list, ClearScore combines a team of industry experts, sophisticated algorithms and clever tech with a trustworthy brand. The result is a beautiful product that delivers an experience that is clear, calm and easy to understand. ClearScore uses data every step of the way to ensure that users see the most relevant financial products for them, giving them the tools to manage their finances in a way that suits them. With over 9 million UK users, and a further 2 million worldwide, Clear- Score constantly innovates to help their users on a journey to greater financial wellbeing. Co-founded by CEO, Justin Basini, ClearScore is based in London and is supported by investment from QED Investors, Blenheim Chalcot and Lead Edge Capital. CONTACTS If you have any questions about this Darkpaper and its contents, or would like to find out more about ClearScore or ClearScore Protect, please contact: Alice Spraggon or Mary Taylor at clearscore@clarity.com. METHODOLOGY Proprietary data comes from three sources in this Darkpaper. The majority of the data was produced from ClearScore’s nationally representative survey with research agency Vitreous World, looking at the attitudes of 3,000 UK consumers in April 2020 around their under- standing and experiences of the dark web, online fraud and password safety. Data was collected via an online survey with a margin of error of +/- 1.8%. Data on financial concerns and basic understanding of the dark web was sourced from a nationally representative Medialab YouGov survey of 2,026 UK consumers. Total sample size was 2,026 adults. Fieldwork was undertak- en between 7th - 10th February 2020. The survey was carried out online. The figures have been weighted and are representative of all GB adults (aged 18+). Data on the average number of account passwords stolen and made available on the dark web was sourced directly from ClearScore Protect’s early user base of 305,000 people. 31
  • 32. Endnotes 1 Cambridge University Press, ‘Meaning of dark web in English’, The Cambridge Dictionary[web article], 2020, https://dictionary.cam- bridge.org/dictionary/english/dark-web, (accessed 15 April 2020). 2 Marshall, C; Vukcevic, A., ‘What is the dark web? How safe is it and how to access it? Your questions answered’, Techradar [web article], 11 June 2019, https://www.techradar.com/uk/news/what-is- the-dark-web-how-safe-is-it-and-how-to-access-it-your-questions- answered, (accessed 15 April 2020). 3 Shim, T., ‘How to access the Dark Web: Browsing Dark Web, TOR Browser, and .Onion Websites’, Web Hosting Secret Revealed [web article], 30 March, 2020, https://www.webhostingsecretre- vealed.net/blog/web-tools/tourist-guide-to-dark-web-accessing- the-dark-web-tor-browser-and-onion-websites/, (accessed 15 April 2020). 4 Pagliery, J., ‘The Deep Web you don’t know about’, CNN [web article], 10 March, 2014, https://money.cnn.com/2014/03/10/tech- nology/deep-web/index.html, (accessed 15 April 2020). 5 Owen, G., Savage, N., ‘ The Tor Dark Net’, The Global Commis- sion on Internet Governance, Ontario, Canada and Chatham House (The Royal Institute of International Affairs), London, England, 2015, https://www.cigionline.org/sites/default/files/no20_0.pdf, accessed 15 April 2020. 6 Butler, S., ‘Dark Web History: Where Did It Come From?’, Technadu [Web Article], 23 December 2018, https://www.technadu. com/dark-web-history/52017/, (accessed 15 April 2020). 7 Aiello, C, ‘Under Armour says data breach affected about 150 million MyFitnessPal accounts’, CNBC [webarticle], 29 March, 2018, https://www.cnbc.com/2018/03/29/under-armour-stock-falls-af- ter-company-admits-data-breach.html (accessed 23 April 2020). 8 ​MacRae, D., ‘75% of Large Businesses Suffered Security Breaches in 2019’, Digit[Online Article], 27 March 2020, https://digit. fyi/75-of-large-businesses-suffered-security-breaches-in-2019/, accessed 15 April 2020. 9 ​Mansfield, J., ‘How much is your data worth on the dark web?’, SC Media[Online Article], 24 January 2020, https://www.scmaga- zineuk.com/data-worth-dark-web/article/1668693, accessed 16 April 2020. 10 Townsend, M., ‘Fraudsters exploiting Covid-19 fears have scammed £1.6m’, The Guardian [Online Article], 4 April 2020, https:// www.theguardian.com/world/2020/apr/04/fraudsters-exploiting- covid-19-fears-have-scammed-16m, accessed 16 April 2020. 32
  • 33. 11 Corfield, G., ‘Online face mask sales scams, 400% uptick of coronavirus phishing reports: Brit cops’ workload shifts online along with the nation’s’, The Register[Online Article], 20 March 2020, https://www.theregister.co.uk/2020/03/20/coronavirus_scam_re- ports_police_up_400pc/, accessed 16 April 2020. 12 ​Ibid. 13 ​​Townsend, M., ‘Fraudsters exploiting Covid-19 fears have scammed £1.6m’, The Guardian [Online Article], 4 April 2020, https:// www.theguardian.com/world/2020/apr/04/fraudsters-exploiting- covid-19-fears-have-scammed-16m, accessed 16 April 2020. 14 ​HMRC, ‘Guidance: Examples of HMRC related phishing emails and bogus contact’, gov.uk [Online Article], 27 March 2020, https:// www.gov.uk/government/publications/phishing-and-bogus-emails- hm-revenue-and-customs-examples/phishing-emails-and-bogus- contact-hm-revenue-and-customs-examples, accessed 16 April 2020. 15 NCA, ‘Beware fraud and scams during Covid-19 pandem- ic fraud’, National Crime Agency [Online Article], 26 March 2020, https://nationalcrimeagency.gov.uk/news/fraud-scams-covid19, accessed 16 April 2020. 33