It’s an unsettling feeling. Getting that phone call.
“We’ve noticed some unusual transactions on your account.” It’s your credit card provider. As they list off the transactions and the amounts charged, your heart sinks.
How did someone steal your credit card details? It’s very likely that information was sold on the dark web.
How to find out if your information is on the dark web
The dark web is a useful tool if you want to use the internet with anonymity and privacy, but it’s also full of illegal activity, including stolen or illegal goods for sale. These include credit card numbers and personal information (birth dates, ID numbers, passwords, etc.) that can be used to impersonate someone.
In the U.S., monitoring tools such as CreditWise from Capital One or Experian’s Dark Web Triple Scan are good places to start. These apps scan the dark web for any mention of your Social Security number, email, or phone number. If they find your details, they’ll let you know right away so you can take action.
Both services are free, so it’s worth checking even if you don’t suspect your info has leaked onto the dark web. CreditWise even offers extra features such as credit reports and scores.
Read more: How to access the dark web
How did your info end up on the dark web?
If you find out your details were sold on the dark web, you might be wondering exactly how they ended up there. Aside from the old-school methods such as stealing your wallet or phone, or diving through a dumpster to find account statements (seriously, invest in a shredder), there are several ways your personal info could end up in the hands of scammers and sold on the dark web.
Corporate data breaches: Large data breaches or hacks are a common way for your personal information to end up on the dark web and into nefarious hands. It’s possible for this data to include first and last names, credit card numbers, social security numbers, and other sensitive personal details.
Phishing scams: You’re tired. It’s been a long day at work. Scrolling through your emails, you see a link to reset your Facebook password. You don’t recall requesting for a password reset. But the email looks legit at a quick glance, so you click the link and enter the info the site asks for.
It’s easy to fall for phishing scams if you’re not careful. Once you’ve input your info, the scammer has access to your details. From here they can use your info to steal your identity themselves or sell it on the dark web.
Using unsecured public Wi-Fi: Public Wi-Fi networks are at risk of cyberattacks. Third parties can spy on your online traffic, making it easy for them to swipe your info. Before you’ve finished your frappuccino, your credit card details could be on the dark web ready for purchase.
What to do if your information is on the dark web
There’s no magic way to scrub your info from the dark web. Once it’s up, you can’t force anyone to remove it. Well, unless the FBI takes down the domain hosting your stolen information.
However, that doesn’t mean you’re powerless to protect yourself. Here are several steps you should take if your information finds its way onto the dark web.
Place a security freeze on your credit reports
If someone is using your information to open credit cards or loans under your name, a credit freeze should be your number one priority. A credit freeze prevents others from accessing your credit report and makes it tougher for thieves to open credit in your name. All three big credit firms (Equifax, Transunion, and Experian) can do this for you. Just be aware it’ll also make it harder for you to open credit. Expect extra steps and paperwork. However, that’s a small price to pay for preventing others from ruining your good credit.
Many countries including the UK and Canada have a similar credit-score system; however, this type of system does not apply to all countries.
Change your passwords on all accounts
If you suspect or discover your personal information is on the dark web, change your passwords right away. Don’t repeat passwords on different accounts, and ideally choose long, complex, random ones.
For added protection, set up two-factor authentication.
Contact your bank and credit card issuers/lenders
Close your accounts immediately if your banking information is compromised. Your bank or credit card issuer will help you shut down your accounts and open new ones. They’ll also assist you in setting up fraud alerts to help protect you in the future.
Report fraud to the Social Security Administration
In the U.S., Social Security numbers are identification that are meant to stay confidential, known only to the individual, government agencies, and some financial businesses. Contact the Social Security Administration if you fear your Social Security number has been compromised. They’ll assist you in setting up a recovery plan, or even assign you a new number if someone continues to use your SSN.
In general, it’s a good idea to set up a My Social Security account, which helps you manage your Social Security benefits and update your personal details. One benefit of signing up is to block a potential identity thief from creating an account under your number and causing you a greater headache.
Take back control of your privacy
30-day money-back guarantee