The Experian Dark Web Scan: Do You Need It and Can You Trust It?
Chances are that you’ve seen advertisements for services offering a dark web scan lately. They’ve even made their way to regular TV commercials, with Experian’s dark web scan being one of the most popular.
With data breaches becoming more common, it seems like a good idea to protect your security in this way. However, you could end up paying for pretty much nothing. Let’s take a look at Experian’s dark web scan and see what it actually does.
What Is the Dark Web?
We’ve talked about the dark web before, so we’ll summarize here if you’re not familiar.
The dark web is the name given to hidden websites that you can’t access without special software. Pages you can access via searching on Google or visiting directly only make up a part of the internet. To access sites on the dark web, you need to use a special browser (typically Tor) and know each site’s specific address.
Because the dark web (rightfully) has a reputation for illegal activity, it makes sense that you’d want to know if your information was being traded on it. So what does Experian offer?
Walking Through Experian’s Dark Web Scan
The Experian Dark Web Scan page promises to scan the dark web for your Social Security number, email, and phone number. It’s offered once for free, with no credit card information required. We walked through it to see what it actually entails.
To sign up, Experian asks for your name, current address, phone number, and email address. It also pre-checks a box to sign you up for marketing emails from Experian, which you probably don’t want.
After you enter this, Experian asks for the last four digits of your Social Security number to verify your identity. In theory, this protects you from someone illegally accessing your credit information. You’ll also need to provide your birthday and create an account username and password.
Once you submit your request for the scan, you’ll have to answer some questions about your recent credit activity to further confirm who you are. Then you’ll have to create a security question and PIN—make sure to answer the security question wisely.
Experian will check your credit score, which will not affect your credit. You’ll then see a prompt to start your Dark Web Triple Scan. Experian says it is “scanning the dark web globally” while it does this.
Results of Experian’s Dark Web Scan
After a few seconds, I got the results of my scan. According to Experian, my email address was compromised, but my Social Security number and phone number were clear.
The two websites that it listed as compromised for my email were Patreon and bitl.y. As it turns out, I’ve known about both of these breaches for years, so this didn’t reveal any new info to me. We’ll discuss this more in a moment.
At the bottom of the report, Experian lists that it didn’t scan “other personal information.” This includes your driver’s license, medical ID, bank accounts, and similar. It wants to sell you the $10/month Experian IdentityWorks paid service to do this.
After clicking around my new Experian account for a bit, I didn’t see anything particularly notable. Nearly everything requires upgrading to a paid account, which seems to be why Experian requires you to create an account to run this scan.
Is the Experian Dark Web Scan Worth It?
After walking through Experian’s offering, I feel confident in saying that it was pretty much worthless. The only information that it found was years-old breaches from major websites that have nothing to do with the dark web, which I already knew about and took action.
Experian’s “recommended actions” all revolve around you paying the company for more services. It wants you to sign up for more monitoring and even pay to access your credit score (which you can do elsewhere for free).
But this is a waste of money.
What You Should Do Instead
Don’t pay Experian for what you can do for free.
Check for Account Breaches
Thanks to the website haveibeenpwned, operated by security expert Troy Hunt, I already knew when my credentials were leaked by Patreon and bit.ly. Simply enter your email address and you’ll see all the breaches that affected you.
From there, you can take action to secure your accounts by changing your passwords, setting up two-factor authentication, and similar. Click the Notify me tab at the top of the page and you’ll even receive an email when a future breach of your information happens.
For better security, we recommend using a password manager and generating unique passwords for each site. That way, if one password is exposed, hackers can’t use it to break into multiple accounts.
Don’t forget about other ways to check if your online accounts were hacked, too.
Freeze Your Credit
Experian wants you to subscribe so you can enable a “credit lock”, but you can already do 99% of what that lock offers by freezing your credit report. This used to cost a fee, but since late 2018, it’s free to freeze and thaw your credit in all 50 states.
When you freeze your credit, nobody can access it unless you use your unique PIN to temporarily unfreeze it. This makes it much harder for someone to steal your identity, as they can’t open new lines of credit in your name.
It’s a small hassle to unfreeze your credit when you do need it, like when applying for a loan, but it’s worth the added security.
You’ll need to freeze your credit with each of the three major agencies individually. Visit these pages to get started:
Why Dark Web Monitoring Is Useless
We’ve looked at what Experian’s dark web scan offers compared to alternatives, but what’s more important is what it doesn’t offer. Dark web scanning supposedly looks all over the dark web for your personal info, but this is impossible by the very nature of the dark web.
Nobody knows how many sites are on the dark web because they don’t link to each other like the standard web. Experian says that its scan “looks back to 2006 and searches over 600,000 web pages” for your information. However, we can safely assume that the dark web holds many millions of pages. Further, exchanges of sensitive information are private and wouldn’t be accessible to the public in searches like this.
Because of this, it’s clear that Experian and other dark web scanners do not scan the entire dark web for your information. This is impossible, and any service claiming to do so is lying. In all likelihood, these services instead scan giant dumps of leaked data (like haveibeenpwned does) to report if your information was leaked.
And while free services don’t scan for your Social Security number, chances are that it’s probably already leaked at some point. Remember the awful Equifax data breach in September 2017, which put the sensitive info of some 200 million people out into the wild for anyone to access? These breaches happen too often, and have probably leaked your private data already.
The best you can do is freeze your credit and proactively watch for signs of fraud. Paying Experian money to do scans you can do for free isn’t going to help much. Remember that in my trial, it didn’t actually find anything from the dark web. And if it did find a compromised Social Security number, it would recommend a credit freeze anyway.
Dark Web Scans: Forget the Hype
Frankly, seeing a credit agency like Experian start pushing its dark web scan in the wake of the Equifax data breach is frustrating.
These companies, that nobody has voluntarily chosen to work with, hold an immense amount of vital data on people. Then when one leaks this information due to gross negligence, another responds by selling you a product to “protect your identity” that you wouldn’t need if they hadn’t leaked info in the first place.
There’s no reason to pay for these dark scan services. Use the tools recommended above to take your identity protection into your own hands.
And after all this serious talk, it’s time to have some fun. Check out the coolest dark web websites you can visit now.
Read the full article: The Experian Dark Web Scan: Do You Need It and Can You Trust It?
from MakeUseOf http://bit.ly/2SpTJC0
via IFTTT