SkipToMainContent

Emerging Threats

What is a dark web scan and can it protect your identity?

A dark web scan is a service offered by internet security companies. The scan will search the dark web for you, combing through its large databases of stolen usernames, passwords and credit card numbers for sale.

The providers of these scans will then notify you if they find your personal information on the dark web. Even though there’s no way of removing your personal information from the dark web, once you know what information is exposed, you can take action to help protect yourself against identity theft.

What is the dark web?

The dark web is a network of sites that you cannot access through a typical search engine. Sites on the dark web use encryption software to hide their locations.

A good chunk of the dark web is devoted to the buying and selling of stolen financial and personal information. If your information ends up on dark web sites — for instance, after a data breach — an identity thief could gain access to it.

This criminal might then use your sensitive information to make purchases with your  credit card information, take out loans or open new credit cards with your name or transfer money from your bank account.

A quick note for clarity: The dark web is different from the deep web. Content on the deep web also is not accessible by search engines — but it includes things like your online banking account, your health insurance portal, or a company’s private database, all of which require you to enter personalized credentials to access.

What kind of personal information is on the dark web?

Some of the types of information that cybercriminals commonly access and sell on the dark web includes:

  • Credit and debit card account numbers
  • Log-in information for payment services such as PayPal
  • Driver’s licenses
  • Medical records
  • Passports
  • Contact information (phone numbers, emailaccounts)
  • Log-in information for subscription services, like Netflix or Spotify

The prices that cybercriminals fetch for this information can vary. A stolen driver’s license may be worth $1, whilst someone may pay $20 to $200 for log-in information for your PayPal account.Stolen credit card information can fetch anywhere between $5 and $110.

How does a dark web scan work?

A dark web scan works by scouring collections of stolen personal information and alerting you if your details are found. You can then take the appropriate steps to help mitigate resulting damage.

It is important to be aware that dark web scans can’t find everything. There is no way for any company to search the entire dark web. A scan can uncover when your data has been exposed. But it can’t find every instance of this because not all personal data is exposed in data breaches. For example, paper documents or forms containing your personal information may be left unprotected and exposed in an office or even in your home.

How can I scan the dark web for free?

Cybersecurity services sometimes offer dark web scans. If you’re worried that your financial information has been exposed on the dark web, such a service could help alleviate or confirm these fears.

What is dark web monitoring?

You can think of dark web monitoring as a continued dark web scan. It helps you consistently monitor activity on the dark web that may compromise your personal information. You will receive an alert from your dark web monitoring service if your information is found.

What should I do if my information is detected on a dark web scan?

You’ve ordered a dark web scan and discovered that your personal and/or financial information is for sale. What should you do now?

There are steps you can take to help minimize the damage.

1. Change your passwords

Security experts recommend you change your passwords every time you discover that your personal information has been exposed. Never use the same passwords on multiple sites, and make sure your new passwords are complex and difficult to guess.

The more complicated your passwords — using a series of letters, numbers, and symbols — the better.

2. Notify your financial services providers

If a scan finds that your credit card or bank account numbers have been exposed, call your financial services companies. This includes banks and credit card companies. You might need to cancel those accounts and open new accounts with new credit/debit cards to keep your financial information safe.

3. Monitor your credit card statements

Study your credit card statements carefully, looking for any suspicious purchases. If you do notice fraudulent charges, immediately contact your card provider. If you contact your bank or the card provider promptly upon discovering the charges, you may not be held liable for charges made by thieves.

It’s important to report fraud quickly and if you do find fraudulent purchases, make sure to request a new credit card and account number from your card provider.

4. Order your credit reports

You’ll also need to monitor your three credit reports — one each maintained by Experian, Equifax, and illion — for any accounts that might have been fraudulently opened in your name.

You can order one free copy of each of your reports once a year from each of these providers. When you order these reports, look them over carefully for credit card accounts or other loans that might have been opened in your name fraudulently.

If you find unusual activity on any of your credit reports, contact the company that issued your card or loan and explain that you have been the victim of identity theft. You should also contact the Australian Cyber Security Centre, to file an identity theft report.

5. Consider a credit report ban

If you suspect that you have been the victim of identity theft, you should consider requesting a credit report ban. Doing this will prevent credit providers from accessing your credit report as part of a credit check.

Doing so is free, but you must do it with all three credit bureaus. Australians can do this online at illion, Equifax and Experian.

The threat of your personal information appearing on the dark web is real. Luckily, a dark web scan can help you take steps to mitigate future damage and grant you peace of mind.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.