Criminals can use your sensitive data found on the dark web to create personalized phishing attacks and even steal your identity. But how would you know if your Social Security Number or other valuable information lives there?

You’re probably not going to go to the dark web and check for yourself. The dark web, sometimes called the darknet, is the part of the Internet that you cannot find through conventional search engines. To achieve this, you need what is called an anonymizing browser and a specialized search engine.

“It’s very scary there,” said Rajiv Kohli, a business professor at William and Mary. Kohli specializes in cybersecurity and dark web research – and, yes, he has participated in it.

Signing up for an identity theft protection service is one of the best ways to find out if your sensitive data is on the dark web. But it’s not foolproof. Tons of information is added to the dark web after data breachesso it can be difficult for services to keep up.

The truth is that you can never really know if your private data is in the hands of cybercriminals. But there are indications that your personal information may be accessible to identity thieves.

Aura can tell you if your data is on the dark web

Is my personal information on the dark web?

So how do you know if your personal data is on the dark web? There are several signs you will want to look for.

Random Emails, Texts, and Phone Calls

Everyone gets it, and it doesn’t automatically mean your information is on the dark web. It’s still a possibility. Kohil says that if you’re getting a lot of spam, unwanted calls and texts, “it’s probably because someone bought a list to run some kind of financial scam and your information was on there.” .

Unknown purchases on your credit card

Your Spidey senses should start tingling if this happens to you. “Even if they are small, it could be because someone purchased your credit card number from a list of hundreds of credit card accounts being sold for just five cents each on the dark web “, says Kohil. Your bank will normally send you a new card once suspicious purchases are identified or reported.

You no longer have access to your bank account

It’s one thing if you’ve forgotten your password and guessed it too many times for your bank’s comfort. But if it doesn’t and you find yourself locked out, it’s possible that someone else has tried to log into your account too many times.

Strange health insurance claims

If you receive medical bills for procedures you never had, call the health care provider or your insurer immediately. If medical claims that should have been accepted are rejected due to reliance on benefits, that could also be a worrying sign. Medical identity theft is a real problem, although it is rare (less than 1% of identity thefts are medical, according to the most recent Bureau of Justice Statistics).

Unauthorized login or password changes

If you have just changed your banking password, you will receive an alert. But if you get an alert that your banking password has been changed and you know you didn’t do it, that’s a major red flag. The same goes for any emails you receive regarding unrecognized login activity with your account.

How it can lead to identity theft

If your personal information, like your name, phone number, or email address, is on the dark web, you will be more vulnerable to identity theft and online scams. If a cybercriminal has some of your personal information, they will be able to craft a credible scam more easily than if they approached a complete stranger.

Most often, identity thieves will find passwords and login credentials on the dark web. There are many dark web sites with lists of matching usernames, email addresses, and passwords for different sites. Cybercriminals use them to credential stuffingwhere they try your password from one site on multiple other sites, according to Andrew Wolfe, director of the cybersecurity program at Loyola University New Orleans.

It’s less common for your credit card or government ID information to be openly posted on the dark web, he said. So, if your driver’s license was stolen, this information likely won’t be freely available on the dark web for your everyday identity thief to see.

But don’t exhale yet. Your stolen driver’s license or Social Security number is unlikely to be freely available on the dark web because they are more valuable, Wolfe said. “Cybercriminals will offer them for sale on dark web sales sites.”

At the same time, you probably don’t want to be too afraid when thinking about the dark web. All your information found on the dark web isn’t too useful to bad actors.

“We are generally concerned that extremely sensitive information has been leaked and that cybercriminals intend to use your particular information to destroy your life. This is an exaggeration,” Wolfe said. “The dark web is full of data, like your 2013 password to a yoga bulletin board. In other words, most of this information is trivial.”

What can you do if your personal data is on the dark web

If you discover that your personal data is on the dark web, there’s not much you can do. It exists and may have already been sold several times. However, there are preventative measures you can take to minimize the consequences.

Sign up for identity theft monitoring

With data breaches becoming more and more common, it’s difficult to prevent your information from falling into the wrong hands. But you can keep track of your data with an identity theft monitoring service.

“Having some sort of dark web monitoring service is extremely valuable,” Wolfe said. “Many banks, credit unions and other financial services companies offer them.”

For example, Chase Credit Journey And Capital One CreditWise offering absolutely free dark web monitoring. The same goes for the Experian credit agency. However, these free services lack the digital security tools and advanced monitoring and restoration services offered by many paid services.

Aura can tell you if your data is on the dark web

Paid services like Will have And life lock offer more comprehensive coverage and generally range from $7 to $15 per month for individual accounts.
If your identity theft protection service tells you an account has been compromised, Wolfe suggests closing the account or at least changing your password.

Freeze your credit

You can freeze your creditso that no one can open loans, credit cards and other credit-based accounts in your name. But it also prevents you from opening a new account, unless you temporarily or permanently unfreeze your credit.

Credit freezes always sound good in theory, but they can take a long time to manage. But if your information is on the dark web and freezing your credit gives you peace of mind, you can do it online at each of the credit reporting agencies’ websites.

A credit freeze is also not a complete solution to identity theft. For example, if you freeze your credit, they won’t be able to take out a new loan, but if they already have your current credit card number, they could still make unauthorized purchases. And since banks don’t always run a credit check when you open a new bank account, someone could still open a checking or savings account in your name.

Change your passwords regularly

The best passwords are complicated. “Any password that is easy to remember is easy for a cybercriminal to guess.” » said Wolfe.

He adds that “with passwords this complex, no one can reliably remember and use more than a handful.” But no realistic person expects you to do that. Basically everyone needs a password manager.”

It also warns against answering your password recovery questions correctly. Hackers probably know your old street, teacher and pet names, Wolfe said. So you’ll want to answer these questions differently to prevent anyone other than you from logging in.

View your bank statements

It may seem like a routine solution, but reviewing your bank statements each month can help you keep an eye out for potential red flags, according to Robin Chataut, assistant professor of cybersecurity and computer science at Quinnipiac University.

“Regular monitoring of your financial statements and credit reports can help you quickly detect unauthorized activity,” he says.

Look for fees you don’t recognize or even deposits that don’t come from sources you know.

How to report identity theft or fraud

If a data breach results in fraud or identity theft, contact the credit card company, bank or lender and the three major credit reporting agencies.

If you signed up for identity theft protection with a white glove restoration service, the company should also help you with these steps and help you fight any wrongful charges. You will also want to notify the Federal Trade Commission.

“If identity theft is suspected, it is important to report it to the appropriate authorities, such as the Federal Trade Commission in the United States, not only to protect yourself, but also to help prevent future incidents,” said Chataut.

To report fraud or identity theft to the FTC, visit Identity theft.gov or call 1-877-438-4338.