Dark Web Scan

Your online identity may be at risk, see what information may be out there about you.

Hint: Search for yourself, a relative or a friend.

lock WE RESPECT YOUR PRIVACY
card

What is
Dark Web?

When you think of the internet, you probably think of Amazon, Netflix and your favorite social media sites. But those sites—the surface internet—make up just 1% of the World Wide Web. The other 99%, the parts you can't access with Google, make up the deep web. The dark web is the encrypted part of the deep web.

While the deep web and the dark web are often used interchangeably, they aren't the same. The deep web contains information not found on search engines. Your online bank account information, email accounts and digital medical records can be accessed on the deep web, but they're protected in authenticated or password-protected accounts.

The dark web is a sliver of the deep web made up of encrypted sites. On the dark web, IP addresses are hidden and navigation is difficult. To access the dark web, you need to mask your online identity with encryption software and use a special browser. Because the dark web affords users anonymity, a significant portion of the dark web is devoted to criminal activity.

What types of personal information might be on the dark web?

Anonymity allows cybercriminals and other bad actors to do business on the dark web. By using cryptocurrencies, such as bitcoin, transactions are kept anonymous, allowing users to buy and sell almost anything on the dark web.

Some of the things you may find on the dark web include:

  • Stolen data: Hundreds of millions of users have had their personal information (including Social Security numbers, credit card numbers, phone numbers and email accounts) exposed in numerous data breaches. The stolen data finds its way onto the dark web, where it's bought and sold by cybercriminals.
  • Illegal drugs and substances: Illegal narcotics, prescription drugs and other banned substances can be found for sale on dark web marketplaces.
  • Illegal pornography: Disturbing images and human trafficking are also part of the dark web.
  • Counterfeit goods: Almost any knockoff you can imagine—like high-end designer shoes, accessories and clothes—can be found being peddled on the dark web.

In 2015, sales on illicit dark web markets reached an average of $500,000 a day, a figure that's likely even higher today. Whenever there's a data breach, chances are the stolen information is being trafficked on the dark web.

So many criminals operate on the dark web that just accessing it can raise red flags with law enforcement.

Annual number of exposed records in the United States
2005 to 2018 (in millions)

Source: Statista

How do you access the dark web?

Anyone with an encrypted dark web browser, such as Tor, can access the dark web, but navigating it isn't as easy as finding your way on the surface web. Surface web content is indexed, which means search engines can read it and return the information you're looking for.

Content on the dark web isn't indexed, so surface web search engines don't work. There are special dark web search engines you can use, but the results aren't always reliable. Since many dark web sites are operated by criminals and scammers, they can disappear as quickly as they appear.

How does my personal information get on the dark web?

Corporate data breaches are responsible for a vast majority of personal information for sale on the dark web. In 2018 alone, nearly 450 million records were exposed. Cybercriminals can get as much as $200 for someone's personal information—even more if the information includes bank or credit account data.

Even without direct access to your financial accounts, fraudsters can make money off your personal data. Your email account, social media profiles and phone number may command value on the dark web, too.

Even if your information hasn't been exposed in a corporate data breach, identity thieves can still steal your personal information. Malware, email phishing and man-in-the-middle attacks are just a few ways identity thieves access your sensitive data. Once they have it, they can sell it to other criminals on the dark web.

You may not know whether your information is for sale on the dark web—until, for example, a fraudulent purchase has been made on your credit card or a fraudulent loan is taken out in your name.

Top 5 biggest Data Breaches
2013 to 2019

Source: CNBC

What is a dark web scan and how does it work?

Most people have no way to search for their personal information on the dark web. Popular browsers such as Chrome, Safari and Firefox don't work on the dark web.

A dark web scan uses a special browser and search engine to comb through the dark web markets and sites for evidence of your personal data. They can't scan every site, because some transactions are private person-to-person exchanges and, therefore, undiscoverable. But they can search the marketplaces and sites where most illicit identity theft activity takes place.

What is dark web monitoring?

A dark web scan is a one-time check for your personal information, but dark web monitoring is an ongoing service. If your email turns up on the dark web, you're notified right away so you can proactively take steps to better protect your identity and your financial assets.

Identity protection scans the surface web and public databases for evidence your information is being used without your permission. In other words, it's only helpful after a criminal has stolen or purchased your information and used it to commit identity fraud.

Dark web monitoring, however, alerts you that your information has surfaced on the dark web. If your email was found on the dark web, you may have more options before fraudulent activity has occurred.

What should I do if my information is on the dark web?

If a dark web scan uncovers your data on the dark web, or you suspect you may have been exposed, acting right away can help prevent or minimize personal and financial damage.

  • Change your passwords. If someone has your account credentials from a data breach or identity theft, you should immediately change all affected account passwords. If you're not sure which accounts were compromised, err on the side of caution and change them all. It might be a good idea to upgrade to a password manager that's not built into your browser—if your data was compromised, it's possible the thief knows your browser credentials, and therefore all your stored passwords.
  • Contact your bank and credit card company. Let your financial institutions know your data was discovered on the dark web and ask them to cancel your old cards and reissue new ones. Alternatively, if your financial institution offers credit alerts, enable them on your account so you'll be notified as soon as suspicious activity occurs on your card.
  • Freeze your credit file. Contact the three major credit reporting agencies (Equifax, Experian, TransUnion) and ask them to freeze your file. When your credit file is frozen, no one can open any new accounts in your name. If you want to apply for credit, you can temporarily unfreeze your account.

How can I prevent my information from ending up on the dark web?

The only way to keep your personal data from being sold on the dark web is to prevent it from being stolen in the first place. Keeping these best practices in mind is a good first step:

  • Use a VPN to access the internet, especially public Wi-Fi. A VPN shields your information and activity from cybercriminals.
  • Use strong, unique passwords—and never use the same password for multiple accounts. That way, if one of your passwords is leaked on the dark web, your other accounts won't necessarily be compromised.
  • Avoid opening popup ads, emails from unknown senders, and links in emails or SMS text messages. Never enter any personal information in response to an email or SMS text message link; this is a common tactic in phishing attacks.
  • Enable two-factor authentication on every account that offers it. If criminals steal your credentials, they won't be able to access your accounts without your cellphone to verify the activity.
  • Close any accounts you don't use. This includes apps on your phone or tablet, too. By paring down the number of places your information is stored on the web, you are reducing your risk of being exposed in a data breach.
  • Keep your antivirus software and web monitoring tools up to date. Enable automatic updates and don't forget to protect your phone and other mobile devices with antivirus software.

See what others have found