When you’re online, you’re likely browsing the “surface web,” which is the portion of the internet comprising publicly accessible websites like this one. But the surface web represents just 10% of the internet. The remaining 90% is known as the “deep web,” but most of it is mundane: online banking accounts, private social media pages — anything that requires a password or is otherwise not indexed by common search engines. The dark web is, in turn, a small portion of the deep web.
But if you can’t get to the dark web without specific software tools, then what is dark web monitoring all about, and how can you even do it?
How do dark web scans work, and what do the scanners look for?
A dark web check will scan the dark web, combing through databases of personal information available for sale there, to identify anything that contains your information. If and when that happens, you’ll be notified immediately, so that you can take steps to protect yourself against the threat of identity theft and fraud.
Dark web scans look for your email address — to check if any of your passwords have been leaked — as well as your social security number, credit or debit card information, personal ID numbers, phone number, and other sensitive information.
When dark web scanning comes in handy
Companies suffer data breaches all the time. The Equifax data breach of 2017 is a particularly notorious recent example that exposed the personal information of nearly 150 million people. When these data breaches happen, cybercriminals will often compile the stolen data into large databases and sell them on the dark web. Other people can then buy data about your digital identity and attempt to use it for identity theft.
A dark web scan will check the dark web for these databases and look through them for your information. If your data turns up in a scan, you’ll be able to take action to minimize the potential damage.
Is my information on the dark web?
“Is my email on the dark web?” If you’re asking questions like that, it’s time to find out if anyone’s selling your sensitive information on the dark web. AVG BreachGuard gives you control over your data by conducting 24/7 dark web monitoring. Stay one step ahead of identity thieves by locating your data on the dark web and protecting yourself before any thieves or hackers have a chance to do anything with it.
What to do if you think your information is on the dark web
If you’ve already conducted a dark web scan and learned that your email was found on the dark web, it’s natural to feel nervous. Or perhaps one of your favorite sites suffered a breach, and you’re worried that your account info has been compromised.
The presence of your email on the dark web doesn’t mean that something bad will inevitably happen to you. But it might be a bit tougher for you to avoid spam emails. You might also be included in phishing campaigns, in which cybercriminals impersonate a business or trusted contact to try get you to reveal personal information. It’s best to prepare for the possibility that someone may attempt to scam you or log into your accounts.
No matter what, the first step is to remain calm. There’s plenty you can do right now to reduce your risk. By acting quickly, you can prevent identity thieves from abusing your data and mitigate any harm you may face.
Change your passwords (that's right, all of them)
If your email has turned up on the dark web (or if you suspect that it might), change your password ASAP. If you use the same email address to log into any other websites or services, change those passwords as well — especially if you haven’t been using unique passwords for every account you have.
You’ve got a fresh opportunity now to give all your accounts the best password protection you can. Create a strong, hard-to-guess password for each account, and don’t reuse passwords for multiple accounts. Unique passwords prevent identity thieves from accessing multiple accounts with the same login credentials.
If you’re thinking that you’re about to have a ton of complicated passwords to remember, you’re right. So consider using a password manager to keep track of everything. Some password managers will even generate new passwords for you.
Contact your financial providers
If a dark web scan finds your credit card number or bank account information, get in touch with your financial providers right away. They can take action — such as closing your accounts and giving you new account numbers — to prevent anyone from making purchases in your name. They’ll also assist you in monitoring your accounts for suspicious transactions going forward.
Sometimes, as with Equifax, you won’t have an account to close. In that case, a credit freeze is the next-best alternative — as well as a great tip in general. If you live in a country with a national credit system, freeze your credit to prevent identity thieves from opening new lines of credit in your name, and open it back up only when you’re applying for credit.
Report the evidence
Reporting identity theft can help to protect you as well as other victims. Compile the evidence from your dark web scan, then contact the relevant authorities in your area to report the cybercrime. That way, your government can assist in hunting down the cybercriminals and preventing future instances of theft.
Your financial institution may also want to see proof that you’ve alerted the authorities, which is another reason to make your reports as soon as possible.
Monitor your finances
Take a look at your bank accounts and credit card statements. Does everything seem normal? Do you recognize and remember all the transactions in your account history? If so, that’s great — but you’re not out of the woods just yet.
Keep checking every week or so. Crafty identity thieves often wait before making purchases with other people’s money. Stay vigilant for any suspicious transactions, and if you notice any, inform your financial services provider immediately.
Activate two-factor authentication
If your email is found on the dark web, it means that someone might be trying to log into your accounts. But with two-factor authentication (2FA), your email and password won’t be enough: 2FA adds a second layer of verification and protection, like an SMS code, when accessing your account. At minimum, set up 2FA on your email account, bank and credit card accounts, social media profiles, and online payment providers like PayPal.
It’s a good idea to use 2FA wherever it’s available. If someone tries to do a bit of Amazon shopping in your name, they won’t be able to log into your account if you’ve already activated 2FA. While it can make the login process slightly less convenient, the security benefits of 2FA are well worth the tradeoff.
Use dedicated cybersecurity software
Data breaches aren’t the only way that hackers can get their hands on your data. Other cybercriminals prefer a more direct method: harvesting your data straight from the source with malware.
Spyware is a favorite tool of data-seeking cybercriminals, who can use keyloggers to capture your passwords as you enter them into the sites you visit. They can also poison the DNS cache on your computer or router with other malware to set up a pharming attack.
AVG AntiVirus FREE detects, removes, and blocks malware while also scanning your Wi-Fi network for any vulnerabilities or suspicious activity. Protect all your devices against data theft with comprehensive cybersecurity.
Other common questions if your email is found on the dark web
Now that you know what a dark web scan is and how it can help you, let’s look at a few more related questions you might have.
Who put my data on the dark web?
Your information was most likely put on the dark web by a cybercriminal. Enterprising hackers will obtain large collections of personal data — either through data breaches or other methods like malware and phishing — and then put these collections up for sale on the dark web.
Identity thieves, scammers, and even spammers can then buy these databases to use in their respective pursuits.
Is it free to use a dark web scanner?
You can find a range of free dark web scans online. After signing up with your email address and possibly some other information, the service will scan the dark web to see if your information appears in any databases there. A free service like Avast Hack Check will alert you any time your email address and any of your passwords show up in a dark web database.
Are there any limitations to dark web scanning?
The dark web is a convoluted place, and this makes scanning it difficult. Unlike the surface web, the dark web isn’t indexed — meaning that there’s no official list of all the pages it contains — so you can’t simply scan it as you would with a search engine like Google or Bing.
Most dark web scans will look at known marketplaces where many cybercriminals frequently post their databases for sale. But while no company can possibly check 100% of the dark web, a dark web scan is certainly better protection than none at all.
What are the alternatives?
The best alternative to a dark web scan is to assume your data is already being traded on the dark web and act accordingly. Freeze your credit, use strong and unique passwords on all your accounts, monitor your financial records, use two-factor authentication whenever available, and learn how to spot phishing emails.
Automate the process for faster, more reliable detection
Safeguard your data with AVG BreachGuard’s fully automated 24/7 dark web scans and monitoring. You’ll find out as soon as your data pops up in a dark web database, enabling you to spring into action with the strategies we’ve discussed above. But that’s not the only level of protection you’ll get.
In today’s digital ecosystem, the more your personal information is shared and sold, the greater the likelihood that it could be exposed. AVG BreachGuard steps in before your personal information is compromised by helping you remove your data from data broker databases. That way, companies that profit from selling aggregated data won’t be able to add yours to their mix.
With BreachGuard’s always-on security evaluation, you’ll know exactly what you need to do to shore up your digital defenses. Then, when the next data breach inevitably happens, your data won’t be included in the leak.