Technology
What really happens on the dark web and how to stay safe
NEWYou can now listen to Fox News articles!
The dark web often feels like a mystery, hidden beneath the surface of the internet that most people use every day. But to understand how scams and cybercrimes actually work, you need to know what happens in those hidden corners where criminals trade data, services and stolen access.
Cybercriminals rely on a structured underground economy, complete with marketplaces, rules and even dispute systems to operate safely away from law enforcement. By learning how these systems function, you can better understand the threats that could reach you and avoid becoming the next target.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
5 SOCIAL MEDIA SAFETY TIPS TO PROTECT YOUR PRIVACY ONLINE
Learn how to protect your personal information from dark web threats with simple cybersecurity habits and tools. (Phil Barker/Future Publishing via Getty Images)
Inside the hidden layers of the internet
The internet is often divided into three layers: the clear web, the deep web and the dark web. The clear web is the open part of the internet that search engines like Google or Bing can index, including news sites, blogs, stores and public pages. Beneath it lies the deep web, which includes pages not meant for public indexing, such as corporate intranets, private databases and webmail portals. Most of the content in the deep web is legal but simply restricted to specific users.
The dark web, however, is where anonymity and illegality intersect. It requires special software such as Tor to access, and much of its activity happens behind encryption and invitation-only walls. Tor, short for The Onion Router, was originally developed by the U.S. Navy for secure communication but has since become a haven for both privacy advocates and criminals.
It anonymizes users by routing traffic through multiple encrypted layers, making it almost impossible to trace where a request truly came from. This anonymity allows criminals to communicate, sell data and conduct illegal trade with reduced risk of exposure.
Over time, the dark web has become a hub for criminal commerce. Marketplaces once operated like eBay for illegal goods, offering everything from drugs and stolen credit card data to hacking tools and fake identities. Many of these platforms have been shut down, but the trade continues on smaller, more private channels, including encrypted messaging apps such as Telegram. Vendors use aliases, ratings and escrow systems to build credibility.
Ironically, even among criminals, trust is a critical part of business. Forums often have administrators, verified sellers and mediators to settle disputes. Members who cheat others or fail to deliver are quickly blacklisted, and reputation becomes the main currency that determines who can be trusted.
The criminal economy and how scams are born
Every major cyberattack or data leak often traces back to the dark web’s underground economy. A single attack typically involves several layers of specialists. It begins with information stealers, malware designed to capture credentials, cookies and device fingerprints from infected machines. The stolen data is then bundled and sold in dark web markets by data suppliers. Each bundle, known as a log, might contain login credentials, browser sessions and even authentication tokens, often selling for less than $20.
Another group of criminals, known as initial access brokers, purchases these logs to gain entry into corporate systems. With that access, they can impersonate legitimate users and bypass security measures such as multi-factor authentication by mimicking the victim’s usual device or browser. Once inside, these brokers sometimes auction their access to larger criminal gangs or ransomware operators who are capable of exploiting it further.
Some of these auctions are run as competitions, while others are flash sales where well-funded groups can buy access immediately without bidding. Eventually, this chain of transactions ends with a ransomware attack or an extortion demand, as attackers encrypt sensitive data or threaten to leak it publicly.
Interestingly, even within these illegal spaces, scams are common. New vendors often post fake listings for stolen data or hacking tools, collect payments and disappear. Others impersonate trusted members or set up counterfeit escrow services to lure buyers.
Despite all the encryption and reputation systems, no one is truly safe from fraud, not even the criminals themselves. This constant cycle of deception forces dark web communities to build internal rules, verification processes and penalties to keep their operations somewhat functional.
What you can do to stay ahead of dark web-driven threats
For ordinary people and businesses, understanding how these networks operate is key to preventing their effects. Many scams that appear in your inbox or on social media originate from credentials or data first stolen and sold on the dark web. That is why basic digital hygiene goes a long way. Below are some steps you can take to stay protected.
MAJOR COMPANIES, INCLUDING GOOGLE AND DIOR, HIT BY MASSIVE SALESFORCE DATA BREACH
From password managers to antivirus software, experts share practical ways to keep hackers out of your data. (Annette Riedl/picture alliance via Getty Images)
1) Invest in personal data removal services
A growing number of companies specialize in removing your personal data from online databases and people search sites. These platforms often collect and publish names, addresses, phone numbers and even family details without consent, creating easy targets for scammers and identity thieves.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
2) Use unique passwords and a password manager
One of the easiest ways to stay safe online is to use unique, complex passwords for every account you own. Many breaches happen because people reuse the same password across multiple services. When one site is hacked, cybercriminals take those leaked credentials and try them elsewhere, a technique known as credential stuffing. A password manager eliminates this problem by generating strong, random passwords and securely storing them for you.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
3) Install strong antivirus protection
Antivirus software remains one of the most effective ways to detect and block malicious programs before they can steal your information. Modern antivirus solutions do far more than just scan for viruses. They monitor system behavior, detect phishing attempts and prevent infostealer malware from sending your credentials or personal data to attackers.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
4) Keep your software updated
Outdated software is one of the biggest entry points for attackers. Cybercriminals often exploit known vulnerabilities in operating systems, browsers and plugins to deliver malware or gain access to systems. Installing updates as soon as they are available is one of the simplest yet most effective forms of defense. Enable automatic updates for your operating system, browsers and critical applications.
5) Enable two-factor authentication
Even if your password gets leaked or stolen, two-factor authentication (2FA) adds an additional barrier for attackers. With 2FA, logging in requires both your password and a secondary verification method. This includes code from an authentication app or a hardware security key.
6) Consider identity theft protection services
Identity theft protection can provide early warnings if your personal information appears in data breaches or on dark web marketplaces. These services monitor your sensitive data, such as Social Security numbers, bank details or email addresses. If anything suspicious is detected, they alert you. Many providers also offer recovery assistance, helping you restore stolen identities or close fraudulent accounts. While no service can prevent identity theft entirely, these tools can shorten your response time and limit potential damage if your data is compromised.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.
SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS
Protecting your identity starts with strong passwords, two-factor authentication and regular software updates. (Jens Kalaene/picture alliance via Getty Images)
Kurt’s key takeaway
The dark web thrives on the idea that anonymity equals safety. But while criminals may feel protected, law enforcement and security researchers continue to monitor and infiltrate these spaces. Over the years, many large marketplaces have been dismantled, and hundreds of operators have been caught despite their layers of encryption. The takeaway for everyone else is that the more you understand how these underground systems function, the better prepared you are to recognize warning signs and protect yourself.
Do you think law enforcement can ever truly catch up with dark web criminals? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Five months after returning to OpenAI, Barret Zoph — the company’s head of enterprise AI sales — has departed, The Verge has learned.
Zoph returned to OpenAI in mid-January after a stint as co-founder and CTO of Thinking Machines Lab, the competing AI company founded by former OpenAI CTO Mira Murati. Shortly after Zoph returned to OpenAI, the company said he would lead its push into enterprise — a significant role at OpenAI, since in recent months it had vowed to stop chasing so-called “side quests” and focus on key revenue drivers like enterprise and coding ahead of its planned IPO.
OpenAI confirmed to The Verge that Zoph will be departing. He posted a goodbye message in the company’s Slack channels. Zoph did not immediately respond to a request for comment.
Zoph originally left OpenAI in the fall of 2024 for Murati’s Thinking Machines Lab, but departed the role abruptly in January 2026 after reports of alleged misconduct involving an undisclosed relationship with a colleague. Murati posted on X in January that Thinking Machines Lab had “parted ways” with Zoph and that he would be replaced as CTO.
Thinking Machines Lab has its own tensions with OpenAI. Murati briefly took over as CEO from OpenAI CEO Sam Altman during his November 2023 ouster, and during the recent OpenAI trial, Murati testified that she couldn’t trust everything Altman said. In September 2024, when Murati left OpenAI to start Thinking Machines Lab, a group of OpenAI employees followed shortly after. But three of them — including Zoph — all returned to OpenAI together this past January. Fidji Simo, OpenAI’s CEO of Applications, wrote on X at the time that she was “excited to welcome Barret Zoph, Luke Metz, and Sam Schoenholz back” and that the decision had “been in the works for several weeks.”
NEWYou can now listen to Fox News articles!
For years, two women in Bremerton, Washington, opened credit cards and lines of credit in other people’s names, working from documents they pulled out of stolen mail. Emily Vranic and Heather Marquis redirected the new accounts’ statements to an address they controlled, so no bill ever reached the victims. They pleaded guilty in federal court this month to bank fraud and aggravated identity theft in a scheme prosecutors say stole nearly $229,000 from banks and bank customers.
If you have ever worried about a credit card opened in your name, this case shows how quickly stolen mail can turn into a much bigger identity theft problem. Opening a new account is the leading form of identity misuse reported to the Identity Theft Resource Center. In its latest data, 62.1% of attempted misuse cases began with a new account application rather than the takeover of an account the victim already held.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
WARNING SIGNS YOUR MAIL HAS BEEN FRAUDULENTLY REDIRECTED
A credit card opened in your name can start with stolen mail, exposed personal details or documents pulled from the trash. (Nastasic/Getty Images)
How stolen mail helped thieves open credit cards
When people picture an account opened in their name, they may imagine a checking account at a bank they have never set foot in. The more likely target is a credit card. Credit cards made up 41% of attempted account misuse reported to the ITRC last year. Checking accounts came to 17.7% and personal loans to 8.5%.
A credit card is one of the easier accounts to open in someone else’s name, and the reason is in how the application is cleared. A lender matches the submitted name, date of birth, address and Social Security number (SSN) against the bureau file. When those details fit a record that already exists, an automated system can approve the application with no one confirming that the applicant is the person being described. Assemble enough of someone’s information from breaches and stolen mail, and the check clears.
Why identity thieves rarely stop at one account
Vranic and Marquis did not stop at one account per victim. Once they controlled someone’s identity, they activated existing cards, opened new credit lines and moved money out of bank accounts tied to the same name.
This is common. The ITRC found that 25.6% of victims are now handling two or more identity incidents at once, up from 23.5% the year before. The same stolen details, including name, date of birth, address and SSN, can open the next account as easily as the first.
DON’T LET THIS CREDIT CARD FRAUD NIGHTMARE HAPPEN TO YOU
A fraudulent credit card may stay hidden for weeks if statements and notices are sent to an address controlled by the thief. (Kurt “CyberGuy” Knutsson)
Why weeks can pass before you learn about the account
A new account does not announce itself. It reaches your credit report only after the first statement closes, which puts the first record 30 to 60 days behind the opening. Banks report to the bureaus monthly, and the bureaus need up to two weeks more to post the change.
The first paper notice goes wherever the application is listed. Vranic and Marquis had the statements mailed to their own address, not the victims’. When the mail reaches the right house, it may read like a routine offer or a card no one ordered, which makes it easy to set aside.
By the time a denied loan or a collections call makes the account impossible to ignore, it has been open and drawing money for weeks.
WHY THAT $4 CHARGE ON YOUR STATEMENT COULD BE FRAUD
Freezing your credit, watching for new accounts and acting quickly can help limit the damage if your identity is used. (Kurt “CyberGuy” Knutsson)
What to do if a credit card appears in your name
Move quickly, because every day an account stays open gives a thief more time to spend money, damage your credit or try the same information somewhere else.
1) Contact the card issuer immediately
Call the credit card company or lender that opened the account and tell them the account is fraudulent. Ask them to close or freeze the account, stop any pending charges and send written confirmation that you are not responsible for the debt.
2) Start at IdentityTheft.gov
Go to IdentityTheft.gov. The Federal Trade Commission’s site generates an Identity Theft Report and recovery plan to help you report identity theft, limit the damage and fix your credit.
3) File a police report if a creditor asks for one
Your FTC Identity Theft Report is usually the key document for disputing fraudulent accounts. Some lenders, banks or debt collectors may also ask for a police report. If that happens, file one with your local police department and keep a copy for your records.
4) Save every document and confirmation number
Keep copies of account statements, collection letters, emails, dispute letters, FTC reports, police reports and confirmation numbers. A clear paper trail can make it easier to prove the account was fraudulent if a creditor, credit bureau or debt collector questions your claim.
5) Dispute the account in writing
Dispute the fraudulent account directly with the lender that opened it, in writing. Also dispute it with Equifax, Experian and TransUnion if it appears on your credit reports. Under the Fair Credit Reporting Act, companies that furnish information to credit bureaus have a duty to investigate disputed information.
6) Freeze your credit at all three bureaus
Place a freeze at Equifax, Experian and TransUnion to help block the next application. Freezes have been free since 2018 and can be lifted online when you need to apply for credit.
7) Add a fraud alert
A credit freeze blocks access to your credit file. A fraud alert tells lenders to take extra steps to verify your identity before opening new credit in your name. You only need to contact one of the three major credit bureaus to place a fraud alert, and that bureau must notify the other two.
8) Report suspected mail theft
If you believe stolen mail helped someone open the account, report it to the U.S. Postal Inspection Service, the law enforcement arm of the Postal Service. You can report mail theft, identity theft, fraudulent change-of-address requests, fraudulent mail holds and fake Informed Delivery accounts at mailtheft.uspis.gov.
9) Request an IRS Identity Protection PIN
If your Social Security number was used, request an IRS Identity Protection PIN at irs.gov/ippin. This helps keep a thief from filing a tax return in your name.
10) Change passwords and lock down your accounts
Change the passwords on your bank, credit card and email accounts, especially if your email address was part of the fraud. Use a password manager to create and store strong, unique passwords for each account, so one exposed password cannot unlock the rest of your financial life. Turn on two-factor authentication (2FA) where available. Then review recent transactions, saved payment methods and automatic payments for anything you do not recognize.
11) Get help cleaning up the damage
Cleaning up identity theft can mean dealing with creditors, credit bureaus, debt collectors and repeat follow-ups. Keep copies of every report, dispute letter, confirmation number and account closure notice so you have a clear paper trail if the fraud resurfaces.
No service can prevent every account opened in your name. Continuous three-bureau credit monitoring may alert you to new accounts as they are reported, rather than weeks later when a lender turns you down or a collections notice arrives. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com
Kurt’s key takeaways
A stolen credit card account can quietly grow into a much bigger identity theft mess before you ever see a bill. That is what makes this Washington case so alarming. The victims were not ignoring warning signs. The statements were being sent somewhere else. The best move is to make it harder for thieves to open the next account. Freeze your credit at Equifax, Experian and TransUnion, watch for hard inquiries and check your credit reports for accounts you do not recognize. If something appears, go straight to IdentityTheft.gov, file a report and dispute the account in writing with the lender. Credit monitoring can also give you a faster heads-up when a new account or inquiry hits your file. It will not stop every scam, but it can shorten the time between the fraud starting and you finding out.
Have you ever found a credit card, loan or account on your credit report that you did not open? Let us know how you discovered it and what it took to fix it by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Valve has some good news and bad news about Steam Controllers. The good news: if you make a reservation for a Steam Controller, the company will now show you one of three estimates of when you’ll be able to actually order your gamepad: by September 2026, by December 2026, or sometime in 2027. The bad news: any reservations made today “indicate a 2027 date for shipping,” Valve says.
“We have no plans to stop making Steam Controller,” according to Valve. “But as we look at the current demand compared to how many we know we can make by the end of the year, we want to manage expectations as much as we can with regards to when folks can expect to receive their order.”
Valve’s very good new Steam Controller went on sale in early May, and the initial rush led some people to run into frustrating problems with trying to check out ahead of the controllers eventually going out of stock. A few days later, the company announced that it would be implementing a reservations queue for interested buyers so they could get on a waitlist. If you’re on the waitlist, when you get notified that a Steam Controller is ready for you to buy, you have 72 hours to actually make the order.
“When we launched Steam Controller last month, we quickly saw that initial demand exceeded our expectations,” Valve says. “Switching to a reservation queue has (hopefully) cut down on the headaches on the customer side, and for us it’s also been helpful as we plan ahead and try to get as many out as quickly as we are able.”
All three of Valve’s big hardware products were delayed from a planned early 2026 launch because of the component crisis, Valve still hasn’t announced when the Steam Machine PC or Steam Frame VR headset might go on sale. However, just yesterday, Valve officially launched its big SteamOS 3.8 update with support for the Steam Machine. It’s also been importing a lot of hardware into the US as of late.
-
Health15 minutes agoNew At-Home DNA Test Reveals if GLP-1 Weight-Loss Drugs Will Work for You
-
Lifestyle30 minutes agoWhat does freedom actually look like? : It’s Been a Minute
-
Technology40 minutes agoBarret Zoph is out at OpenAI again after just five months
-
World45 minutes agoIran hardliner behind US deal warns Tehran won’t honor agreement if Trump fails to deliver
-
Politics52 minutes agoTop GOP lawmaker rallies around conservative school board member facing calls to resign
-
Sports60 minutes ago2026 World Cup Odds: How Far Can Mexico Go After Winning Group A?
-
Technology1 hour ago6 in 10 identity crimes now begin with a new account
-
Business1 hour agoJanuary 2025 wildfire victims seek tougher penalties against State Farm over claims handling
