Identity theft and fraud protection for your finances, personal info, and devices.
What Is the Dark Web? A Closer Look
“I just assume my data is being sold on the Dark Web,” said Avivah Litan, a security analyst at the technology research firm Gartner. “You should just assume it is stolen [*].”
As of March 31, 2022, there were 404 publicly-reported data compromises. That’s a 14% surge since Q1 2021. In most cases, identity thieves used phishing and other cyberattacks to leak stolen data onto illegal forums and marketplaces on the Dark Web [*].
Beneath the "surface web" seen by the public exists a "Deep Web."
The Dark Web is a nefarious part of the Deep Web: an obscure sub-internet designed to house illicit databases and provide anonymity to criminals.
In this shrouded digital underworld, stolen credit cards cost $9, and an unsuspecting victim’s complete online banking data sells for as little as $270 [*].
While “Dark Web” and “Deep Web” are (incorrectly) used interchangeably, the latter refers to anything on the internet that search engines can’t access. Content — most often, sensitive information — on the Deep Web is tucked behind paywalls or sign-in credentials.
Some examples of pages on the Deep Web include medical records, confidential web pages, and subscription-based accounts.
A subset of the Deep Web, the Dark Web requires you to access it via an anonymous web browser called the Tor Browser. This browser makes any digital identification "dark" by scrambling IP addresses.
The anonymity and hidden databases of the Dark Web makes it an ideal place for criminals to steal and trade Personally Identifiable Information (PII).
What Is a Dark Web Scanner?
- Imagine that your work is hit by a data breach and your data is exposed. The hackers could take that stolen information and sell it to criminals on the Dark Web.
- Your personal information could wind up with anyone — from a teenage hacker creating fake IDs to buy alcohol to a gang of hardened criminals using stolen identities to conceal serious felonies.
- With your stolen PII in their possession, the scammers can now open bank accounts, shop online, or initiate numerous other types of identity theft schemes.
A Dark Web scanner is a tool that searches through the Dark Web for your Personally Identifiable Information.
Dark Web scanners comb through data servers and alert you when any activity related to your information is found. If you receive a notification, then you can take action to protect your accounts and sensitive data.
How Does a Dark Web Scanner Work?
To perform a Dark Web scan, you first must provide a detailed list of your personal data to the hired service. The scanner then compares your information against lists of breached or stolen data found in data dumps.
Here’s what a Dark Web scanner looks for:
- Full names
- Email addresses
- Information about your sexual orientation
- Customer service transcripts
- IP addresses
- Payment details
- Credit card information
- Social Security numbers (SSN)
- Financial account data
- Social media information
It's impossible to scan the entire Dark Web and every search engine, so a scanner looks for your data in popular Dark Web locations.
Plus, some areas of the Dark Web are protected with passwords or security clearances that a Dark Web scanner cannot access, so the scanner focuses on popular darknets.
Zoom out: If you want further protection beyond standard Dark Web scans, you would need to upgrade your identity theft protection service to include Dark Web monitoring.
Dark Web scanning vs. Dark Web monitoring
While Dark Web scanning is a one-off search activity, Dark Web monitoring services offer non-stop protection in real time.
Dark Web scanning:
- Searches through known data dumps
- Scans popular Dark Web locations
- Provides limited access to protected or private Dark Web pages
- Offers a reactive service, in which victims are usually chasing scammers after a data breach
Dark Web monitoring:
- Can catch compromised data before it turns into a large-scale attack
- Engages in continuous Dark Web searches looking for your personal information
- Uses crawlers to comb through an extensive number of Dark Web pages
- Offers proactive mitigation to stay one step ahead of criminals
How much does a Dark Web scan cost?
Identity Guard offers a free Dark Web scan. A zero-cost scan like this is a smart initial step if you fear that your information is under threat after a data breach.
When you run this scan, Identity Guard assesses your risk of identity theft, account hijacking, home title (i.e., deed fraud) and credit theft, spam and robocalls, and also how likely it is that data brokers might sell your personal information.
For 24/7 protection, it’s best to sign up for continuous monitoring services to keep your identity data safe. Paid plans from Identity Guard start at as little as $7.50 per month.
For continuous monitoring for the entire family (two adults and five kids), explore Identity Guard’s family plans.
What Can Criminals Do With My Personal Information?
Why should you worry about your PII being available on the Dark Web? There are six main ways that scammers can use your personal information for fraud, scams, and identity theft:
1. Identity fraud
How it happens:
Governments and businesses use identity information to verify that you’re the person who you say you are. Not only does authentication help limit illegal activity, but it also protects your finances, tax accounts, and other private files from unauthorized users.
If hackers purchase your sensitive information on Dark websites, they have all the necessary verification tools to impersonate you.
They can create bank accounts to make withdrawals and transfers, open new tax accounts, apply for fraudulent tax refunds, or set up lines of credits in your name.
Identity theft in real life:
Slava Dmitriev was sentenced to three years in prison for the purchase and sale of 1,764 items, including many stolen identities. He was found in possession of over 200,000 separate identities, which had been sent from a cyber-extortionist group known as The Dark Overlord (TDO) [*].
2. Account credential theft
How it happens:
Instead of using your PII to impersonate you, many hackers will simply purchase your credentials for easy account access. Once they own your stolen data, fraudsters can bypass passwords and security questions (a technique known as credential stuffing).
Once inside, criminals can siphon out money or gain access to other attached accounts.
The most popular instance involves hacking your passwords to gain easy entrance into your employer's digital servers. Many fraudsters will even block your secondary access after an account takeover.
Account takeovers in real life:
In 2021, Verizon fell victim to a credential stuffing attack with its subsidiary, Verizon Visible [*]. The breach occurred after a single hacker bought customer account details on the Dark Web. With access to hundreds of separate customer accounts, the criminal placed phone orders using the stored payment information.
3. Home title theft
How it happens:
Fraudsters can create false home deeds after buying your information on the Dark Web. Using your data and a fake document, the scammers attempt to transfer the ownership of your home to their name.
Most thieves use fraudulent deeds to take out loans as collateral. Some will pose as you and set up reverse mortgages with your bank.
The most audacious criminals may even attempt to sell your home outright without your knowledge. It may seem far-fetched, but fraudulent home heists do occur.
Home title theft in real life:
In March 2021, the Philadelphia Police Department and district attorney filed multiple charges against five individuals who had shifted the ownership rights of 10 North Philadelphia row houses [*]. After a two-year police investigation, the deed theft criminal ring faced the civil courts on counts of forgery, fraud, and theft.
4. Credit card fraud
How it happens:
Fraudsters take advantage of credit card information bought on the Dark Web to make online or in-store purchases. Examples include applying for a loan, funding a vacation, or attempting to finance large-scale physical purchases for resale value.
The Fair Credit Billing Act (FCBA) limits your liability with credit card companies to $50, or $500 in the event of credit card fraud. But credit card fraud resolution can be a harrowing and time-consuming ordeal.
More importantly, criminal activity can have a negative impact on your credit score with lenders. If your credit reputation falls, that will affect your ability to make future credit purchases.
Credit card fraud in real life:
The United States Attorney's office charged Sorin Becheru with selling credit card numbers on the Dark Web [*]. The Romanian man stands accused of fraud after a successful extradition request was initiated between the United States and the Romanian governments.
Becheru had more than 240,000 credit cards in his possession, which he obtained via malware schemes. If convicted in a court of law, Becheru faces up to five years in prison.
5. Spam and robocall scams
How it happens:
Spam texts and robocalls are popular identity theft techniques that fraudsters use today. In the U.S., one out of every four calls from non-contacts were spam and fraud in the first quarter of 2023 [*]. Because of the increase in smartphone use, scammers continue to target victims using phone-based scams.
While robocalls seem like harmless nuisances, they are often a symptom of privacy breaches associated with your information. In all likelihood, your phone number and other data are readily available on the internet. Consider an increase in unsolicited messages a red flag for potential Dark Web activity.
Phone-based scams in real life:
On September 16, 2021, Shehzadkhan Pathan was given a 22-year prison sentence for an overseas robocall scheme. His call center defrauded victims out of more than $10 million [*].
6. Data trading
How it happens:
Every time you input your information into an online page, secure servers collect that data. Even as you browse the web, information (such as your name, location, and IP address) is tracked. Open identification keeps the internet safe — or at least that's the theory.
Unfortunately, unscrupulous data traders can take that information and sell it on the Dark Web. Even if you only share your information with honest and trustworthy sources, hackers can illegally access servers to steal your protected files.
Without your knowledge, your data could be up for sale — readily available for a scammer to exploit.
The Department of Justice recently shut down RaidForums — a marketplace for stolen databases on the Dark Web. RaidForums was trading in pilfered user passwords, credit card details, and SSNs.
If Your Personal Information Was Stolen, Do This:
If you suspect that your PII is vulnerable or you know it's been leaked to the Dark Web, consider taking the following nine steps to limit financial damage before it’s too late.
1. Reset your passwords
First, change the passwords for each of your accounts. This simple step will help limit the amount of data a scammer can access. If possible, take advantage of a secure password manager that uses Multi-Factor Authentication (MFA) to ensure the best login protection.
New password credentials and double verification procedures can thwart identity theft attempts.
📚 Related: Was Your SSN Found on the Dark Web? Do This →
2. Alert your financial service providers
Call all financial institutions or connected business account providers, and warn them of possible identity theft. Your bank may already have remediation processes available for common bank scams and will take action right away.
They will also place additional monitoring security on any vulnerable accounts to deter fraudulent activity and catch cyber criminals.
3. Place a credit freeze
Contact all three major credit bureaus — Equifax, Experian, and TransUnion — and request a credit freeze. When you initiate a freeze, it stops anyone from opening any new credit accounts in your name. You may “thaw” this freeze temporarily to apply for a new line of credit.
📚 Related: How To Remove a Fraud Alert From Your Account →
4. Pull and review your credit reports
Ask the bureaus for a copy of your free credit report, and search the documents for any inaccurate information or suspicious activity. Unfamiliar account activity or unapproved changes in account information can alert you to the areas in which a scammer has already attempted to commit fraud.
→ Did you know? You can request a free credit report from AnnualCreditReport.com and look for potential fraud or incorrect information on your report.
5. Inspect your credit card statements
Credit card-related theft is often the go-to option for scammers who have stolen your data. Fraudulent transactions made via payment cards is expected to be $32.9 billion in 2023 [*].
If your data is compromised on the Dark Web, search through your credit card billing statements and flag any suspicious or false activity. Report any instances to your financial institution, and initiate chargebacks on any fraudulent transactions to limit your monetary losses.
6. Close vulnerable online accounts
If you locate a compromised account, deactivate and delete it as soon as possible. Additionally, if you know of any accounts that have low security or are vulnerable to hackers, shut down those accounts to reduce the chances of cybercrime.
7. Report SSN fraud if applicable
Your SSN is the primary identification item used by governments to confirm who you are — especially in relation to your finances.
SSN fraud can leave you dealing with complicated consequences and a long and frustrating road to resolution. If fraudsters have your SSN, they can engage in multiple identity theft schemes that could lead to extensive financial damage, impacting your life in many ways.
If you suspect that your SSN may be on the Dark Web, file a report with the Office of the Inspector General.
- OIG Social security fraud hotline: 1-800-269-0271
- OIG Online report submissions: oig.ssa.gov
8. Report passport or driver’s license fraud
It is a good idea to quickly report any passport or driver’s license fraud. While these IDs may not give criminals direct access to your bank accounts, both documents are primary pieces of identification that fraudsters can abuse. Recovery times for both IDs are costly and can involve extensive re-verification processes.
→ Did you know? You can report any potential passport fraud to the Bureau of Consular Affairs, or send an email to PassportVisaFraud@state.gov to notify authorities. For driver's licenses, contact your state's motor vehicle department (DMV).
9. Sign up for a Dark Web monitoring service
In addition to one-time free scans, also look for services that offer high-level Dark Web monitoring. Aura and Identity Guard also offer identity theft protection to ensure that thieves don’t continue to use your identity for criminal activity and fraud.
Identity Guard and Aura are two of the highest-reviewed identity theft protection services available. But do your own research. Check reviews and read testimonials before you trust any company with your sensitive data.
Online Security Is No Joke — Identity Guard Can Help
Signing up for an identity theft protection service is the best way to defend against thieves who attempt to steal and sell your PII on the Dark Web. Identity Guard monitors both the surface and hidden areas of the internet, alerting you if any compromised credentials are found.
In addition to our real-time Dark Web monitoring protection, you gain access to a suite of identity theft tools and benefits, including:
- Easy fraud resolution
- Expert customer support
- $1 million in recovery insurance for eligible losses
- Android and iOS applications
- Risk management scores
- Antivirus and Wi-Fi security (VPN)
You can select comprehensive levels of identity theft protection with different insurance and pricing plans.