The biggest problem when someone steals your data on the Internet is that they might take all the money from your credit card and then leave it. If that were the case, it wouldn’t be that much of a big deal. The real problem is what they do with your data after.
Namely, hackers can sell your information on the dark web.
So what to do if your email is exposed on the dark web or your credit card number, SSN, or online password? How to make sure that you are not a victim of fraud and identity theft?
What is the Dark Web, and How it Works?
When you browse the Internet, check websites, reading articles like this one, you are actually using the “surface web”. This is only about 5% of the web.
A much larger portion (90%) is what you won’t find through a regular search engine. This includes any content that you can’t access without some form of authentication (usually a username and password).
This includes, among other things:
- Your email
- Your social media accounts
- Private company databases
- Your online banking accounts
- Research and academic content
- Gated content
Beneath all of that, however, is the third layer of the web (5%), which you can’t get to via Google.
Instead, you’ll need a specialized browser like Tor, which will allow you to access .onion websites.
Once you download the Tor browser for Tor Project, your traffic will get routed through the Tor network and become anonymized to the point where it becomes very difficult, if not outright impossible, for someone to see and trace your real IP address.
This is mainly because your traffic through Tor moves or “bounces” through several random “nodes” until it reaches the destination.
Because of this, Tor and the dark web are especially useful for those who want to stay anonymous online. For example, you can use phpList over Tor.
Unfortunately, the dark web often includes cybercriminals who might sell or buy your data.
How to Find if My Information is on the Dark Web?
Since you can’t just open your favorite browser and search for your data to find it on the dark web, how do you then find out if it is there at all?
One of the first things you should keep an eye on is if there is any suspicious activity on your credit card or online accounts. If you are receiving bills for items you know you didn’t purchase, are missing money from your credit card or bank account, or perhaps getting notifications from websites you didn’t subscribe to, those can be telltale signs that you are a victim of identity theft.
The problem with this is that cyber-thieves tend to be very careful not to draw too much attention to themselves, so they will rarely spend all your money at once. Instead, they will withdraw only small amounts to avoid credit monitoring.
Because of this, you can’t rely on the credit service to find out if your credit card is compromised, but will instead need to monitor your bills regularly for any changes.
If you see anything strange, you can immediately put your credit card on freeze, and that way prevent scammers from using your credit card or opening another account in your name.
What about your other data, such as your email, online accounts, passwords, and so on?
Fortunately, there are several dark web monitoring tools that you can use to find out if your information is on the dark web.
- Have I been Pwned?
One website that we recommend checking out to see if you’re asking, “Is my email compromised?” is Have I Been Pwned? This website allows you to type in your email address and check if it has been compromised in any data breach, and you can also do the same for your passwords.
- Echosec Beacon
Another dark web monitoring service that can tell you if your personal or financial data has been stolen and sold on the dark web or your credentials compromised is Echosec Beacon.
This works like a search engine, where you enter your name, email address, or SSN, and it will search the dark web marketplaces and social sites where your data might appear.
- Alert Logic
If you run a company and want to prevent hackers from taking over your clients’ accounts, you can use the account takeover prevention system Alert Logic. This service will compile a list of compromised accounts specific to a client and send you a monthly report of at-risk accounts
Keep in mind that you’ll have to request a demo if you’d like to use managed detection and response (MDR) services, of which dark web scan is just one part.
These are just a few dark web monitoring tools that use threat intelligence to monitor the dark web. You can also check out this article by Comparitech for more tools.
What if My Email is on the Dark Web?
Okay, let’s say your email is found on the dark web. What can you do in that case?
- Scan your computer for viruses
If your email is exposed on the dark web, it won’t be enough to just change your password. Your computer might already be infected with malware that will alert the hacker of this, and he’ll be able to prevent the change.
- Change the password
Once you’ve gotten rid of the malware in your computer, it’s time to change the password. This time, however, don’t reuse the same weak password but instead create a stronger one using a combination of letters, numbers, and special signs, as well as uppercase and lowercase.
- Stay away from people search sites and data brokers
Why do people search sites and data brokers exist in the first place? To share your information online. And yes, that includes your email.
And sure, white pages can be useful if you want to find an old friend from high school, but it has become pretty obsolete thanks to Facebook and the like.
Today, the only ones who really use these are scammers in order to build huge databases of victims they will target for their schemes.
- Use multi-factor authentication
For the sake of convenience, a lot of websites allow you to sign up using only your email, Google, or Facebook account.
The problem is, if the hacker has access to the email, they will also have access to any connected online accounts. What you can do to prevent them from accessing your accounts is to use 2FA or multi-factor authentication.
This will add another step, like a token, code, or SMS message, to verify the login attempt, which will prevent the hacker from logging in.
- Use a separate email account for unimportant profiles
The more online profiles you have, the greater the chance one of them will expose your data.
Prioritize your accounts based on their actual importance. If it’s something you are only going to use once or twice and then forget about, it’s better to sign up for it using a separate email than if it contains something truly important, like your personal and financial data.
Conclusion
You can be a victim of identity and data theft at any moment. That’s why you need to learn how to find out if your information is on the dark web and what to do if your information is on the dark web.
Fortunately, plenty of cyber threat intelligence services can help you scan and monitor the dark web for your stolen data, and once they do, you can use the tips above in case your email is exposed on the dark web.
Finally, consider using a more secure email service than Gmail. phpList: Armored Email is an end-to-end encrypted email service that will protect you from harmful JavaScript injections, strip your IP from all logs and metadata, and protect your password with Zero-knowledge protection.