Identity theft and fraud protection for your finances, personal info, and devices.
Is Your Email on the Dark Web?
By now, it’s almost guaranteed that your personal information is for sale on the Dark Web.
In 2021 alone, sensitive data from over 22 billion accounts was leaked after data breaches occurred at companies including Shein, American Airlines, Uber, and Toyota [*].
The result? Millions of Americans have had their personal data — including email addresses and passwords — stolen and put up for sale on the Dark Web [*].
Yet while many scammers focus on financial information, such as bank account numbers or credit card details, email addresses are still a common target. Scammers buy and sell lists of email addresses on the Dark Web that are then used for phishing attacks, spam emails, or worse.
If your email address was found on the Dark Web, there’s not much you can do to remove it. However, there are steps you can take to secure your identity, protect yourself from hackers, and safeguard your personal information in the future.
What Does It Mean If Your Email Is on the Dark Web?
The Dark Web is a layer of the internet that is only accessible using anonymous web browsers like the Tor Browser (as opposed to traditional web browsers). Dark Web sites, forums, and marketplaces can’t be found using traditional search engines either, making them almost invisible to most web users.
All of these reasons make the Dark Web perfect for cybercrime — including the buying and selling of stolen personally identifiable information (PII) — because those who access it are effectively unidentifiable.
Stolen information can command different prices on the Dark Web.
Email addresses on their own are surprisingly cheap — 10 million U.S. email addresses sell for $120 [*]. But when combined with other sensitive information, like a Social Security number (SSN), credit card number, or password, the prices skyrocket.
With your email address (and other personal information), hackers can:
- Target you with sophisticated email phishing and social engineering attacks.
- Break into your email account and use it to take over your other online accounts.
- Gain access to your workplace’s network and data — email administrator accounts can sell for as high as $120,000 on the Dark Web [*].
- Spoof your email address (or social media accounts) to scam your friends and family.
- Find more of your sensitive information that’s leaked on the Dark Web, such as your driver’s license, passwords, or phone number.
The bottom line: If your email address alone has been leaked to the Dark Web, it’s not necessarily that big of a deal. You’ll probably receive more spam messages, but scammers won’t be able to take over your accounts — unless you haven’t enabled additional security measures such as two-factor authentication (2FA).
Check If Your Email Is on the Dark Web
A Dark Web scanner searches the Dark Web for your email address and personal information. If it finds any activity related to you, you are alerted immediately. You can then act quickly to secure your accounts.
Can You Remove Your Email (and Other Info) From The Dark Web?
Once your email address or other information is on the Dark Web, it’s there to stay.
For this reason, it’s far more important to be proactive about your online security. Knowing what information is for sale allows you to update your accounts, secure your digital identity, and prevent scammers from doing more harm.
Here’s What To Do If Your Email Was Found on the Dark Web
If your email address has turned up on the Dark Web, there’s only a small window of time before a scammer or hacker will try to target you. Act quickly and follow these eight steps to prevent yourself from becoming a victim.
1. Change your passwords immediately and enable 2FA
With your information available at a price, your passwords are the only means of protection to prevent cybercriminals from accessing your accounts (all of them — not just your email). To secure them, you should create new and unique passwords.
For additional security, enable 2FA whenever possible. Two-factor authentication adds a second layer of defense by requiring special codes or biometrics before you — or anyone — can get into your accounts.
How to create more secure passwords:
- Create long, random, complex passwords using a mixture of letters and symbols. The longer they are (and the more varied the characters), the harder it is to guess by brute force. Avoid using personal or easily-guessable information.
- Activate two-factor authentication (2FA) or multi-factor authentication (MFA) on all of your accounts. A skilled hacker can fool almost anyone with a sophisticated phishing attack. In case this happens, 2FA and MFA prevent scammers from accessing your accounts.
- Use a password manager like Identity Guard’s ID Vault to securely store all of your passwords and alert you if you’re using a compromised password. This way, you know which accounts are at risk.
📌 Related: Was Your SSN Found on the Dark Web? Do This →
2. Run an antivirus scan on your computer and phone
If your email or PII is for sale on the Dark Web, there’s a good chance that scammers acquired it via a phishing email or malware infection. Antivirus and anti-malware software will discover and isolate the potential malware or spyware so that your future accounts aren’t compromised.
What to do:
- Make sure you have reputable and up-to-date antivirus software installed on your PC and smartphone.
- Open the antivirus software and initiate a full scan to quarantine and remove any infections. It’s a good idea to set up automatic scans in the future to keep your devices safe.
3. Freeze or lock your credit
If your email has been compromised, your financial accounts could also be at risk.
Freezing or locking your credit accounts ensures that fraudsters are unable to open new accounts in your name. You can freeze your credit by contacting each of the three major credit bureaus. But be warned that it can take up to 24 hours to activate.
Credit locks, on the other hand, are instantaneous; but you need to be signed up for the service with each of the credit bureaus.
How to freeze your credit:
- Contact each credit bureau – Equifax, Experian, and TransUnion — and request a credit freeze.
- Consider signing up for a credit lock program. You can lock and unlock your Experian credit report with a single click using the Identity Guard Ultra plan.
4. Check your credit report and bank statements
Financial account takeovers are among the most common types of financial fraud. If someone gains access to your account information, they can easily impersonate you to make purchases, take out loans, or simply withdraw your money.
What to do:
- Request a free report from AnnualCreditReport.com. This will show you if any recent unauthorized loan requests have been made without your consent.
- Check your bank account statements for suspicious activity. If discovered, contact your financial institution and report the fraud. They will help you navigate what you need to do next.
- Consider signing up for a credit monitoring service like Identity Guard that will watch your financial accounts for fraudulent activity.
5. Report the fraud to the relevant authorities
Reporting fraud is crucial if you’re going to dispute any transactions made in your name by a scammer. Otherwise, you have no proof that they were made by someone else.
Fraud reports also help law enforcement agencies track down cybercriminals and warn potential victims of new scams before it's too late.
Report fraud to:
- The Federal Trade Commission (FTC). Filing an FTC Identity Theft Report should be your first step. This report will act as an official statement of the crime that occurred.
- The FBI’s Internet Crime Complaint Center (IC3).
- Your local police department (in certain situations).
6. Do a full Dark Web scan to see what other information has been leaked
Finding out what information hackers have on you is vital if you want to protect yourself from further cyberattacks and scams.
A free Dark Web scanner like the one offered by Identity Guard can provide this information quickly and easily — but it won’t show you all of the information to which hackers have access. For this, you need to sign up for a Dark Web monitoring service.
How to scan the Dark Web:
- Enter your primary email address (and other emails) into Identity Guard’s free Dark Web scanner.
- Make a list of your compromised accounts and PII, and focus on these high-risk entities before moving on to your other accounts.
Are you at risk? All Identity Guard plans come with full Dark Web monitoring to help you know exactly where you’re vulnerable to scammers and hackers. Sign up today and save 33% on your membership →
7. Set up an email alias to protect your main inbox
An email alias is a secondary account that you can use to sign up for new online accounts, newsletters, or when getting discounts from online stores. The emails can still be routed into your main inbox, but your primary email account won’t be compromised in the event of a data breach.
What to do:
- Set up an email alias using your email provider. For example, Gmail allows users to create aliases for their primary email addresses by adding “+[alias name]” to their email. So, if your email address was “James@gmail.com,” you could create an alias of “Jamesemail@example.com.”
- When you come across a site that requires an email account to access it, use this address instead of your primary account.
8. Consider signing up for identity theft protection
Unfortunately, free Dark Web scanners can only be used manually. A Dark Web monitoring service will constantly scan the Dark Web for your PII and email addresses, alerting you immediately if anything is discovered.
In addition, an identity theft protection service like Identity Guard will monitor your credit cards, financial accounts, and investment accounts around the clock for signs of fraud.
What you get with Identity Guard:
- Real-time Dark Web monitoring protection. Identity Guard continuously scours thousands of databases for your SSN, email address, name, and more.
- Award-winning identity theft protection tools. Depending on your subscription, Identity Guard provides three-bureau credit monitoring, investment account monitoring, and more.
- Access to expert fraud resolution and $1 million in insurance. If you do become a victim of identity theft, you have access to highly trained experts who are dedicated to helping you recover your identity. Every Identity Guard plan includes $1 million in recovery insurance for eligible losses.
How To Tell If Your Email Has Been Hacked
If your email address has been hacked, there may be several obvious red flags. Here are seven ways that you can tell if someone has hacked your email account:
- You’ve been locked out of your account. If you can’t sign into your email account, it’s most likely too late — hackers have already locked you out by changing your password. In this case, you’ll have to submit a password reset request and contact the email provider to reclaim your account before more harm is done.
- There are unrecognizable emails in your “sent” folder. If hackers don't want you to know that they have access to your account, they may try to send mail covertly. Check your “sent” and “deleted” folders for any strange messages.
- You’ve received password reset emails that you didn’t request. With access to your emails, scammers might try to access your other accounts (like your bank or social media accounts).
- Different devices and IP addresses show up in your activity log. If you check your provider’s activity log and see devices, physical locations, and IP addresses that couldn’t be you, someone else is signing in to your account.
- Your friends tell you they’re receiving spam from you. If someone tells you that they’ve received a strange email from you that you didn’t send, there’s a good chance a hacker is trying to “spoof” your account and scam your contacts.
- Strange posts and messages appear on your social media. Scammers often use email addresses to run scams via the victim’s social media accounts. If strange posts appear on your Facebook, Snapchat, or Twitter accounts, you’ve likely been hacked.
- Your account settings have been altered. If you notice that certain settings have changed — like a new recovery email or 2FA option — a hacker is probably trying to lock you out of your account.
Should You Change Your Email If It Is Found on the Dark Web?
While changing your email address is an option, it can be time-consuming — without offering a long-term solution.
To successfully change your email, you’ll have to alert all of your contacts and move your data to a new address. This can result in lost data, confused work colleagues, and a massive headache.
Instead, it’s better to secure your accounts and be more careful in the future. Follow the steps above, learn the signs of a scam, and avoid falling victim again.
How To Protect Your Email From Scammers
When it comes to cybersecurity, being proactive is key. The more time that goes by, the more likely that some of your information will show up on the Dark Web.
It’s vital to secure your sensitive data to prevent this from happening (and mitigate the risks in case it does).
Here are nine steps you can take to protect your email from scammers on the Dark Web:
- Use a password manager to secure your online accounts.
- Be selective about whom you give your primary email to (as well as other sensitive information).
- Avoid clicking on unknown links and attachments in emails.
- Set up unique login credentials and 2FA for each account you use.
- Avoid non-secure websites (those without “HTTPS” at the beginning of the URL).
- Secure your financial information with credit monitoring.
- Reduce your digital footprint.
- Avoid using public Wi-Fi networks without a Virtual Private Network (VPN).
- Use an email alias or garbage email account to sign up for unimportant websites and newsletters.
The Bottom Line: Secure Your Email From Dark Web Scammers
Because of data breaches, whether your email address ends up for sale on the Dark Web is often out of your control. That’s why it’s vital to secure your accounts and remain vigilant.
Identity Guard can give you added peace of mind by monitoring your sensitive data and providing expert U.S.-based fraud remediation specialists to help you navigate the complicated world of data breaches and scams.