If a scammer has your phone number, you should lock your SIM card, secure your online accounts with strong passwords and block spam calls from your
Updated on March 21, 2024.
If you discover that your email address or other personal information is on the dark web, don’t panic. Instead, be proactive and update your passwords, enable Multi-Factor Authentication (MFA) on your accounts, check your financial accounts for suspicious activity and scan your devices for malware. The earlier you take steps to protect your personal information, the less damage a cybercriminal will be able to cause.
Continue reading to learn more about the steps you need to take after finding your email on the dark web and how to keep your information protected.
How do I know if my email address is on the dark web?
The best way to know if your email is on the dark web is by using a free dark web scan or dark web monitoring tool. Free dark web scans and dark web monitoring tools work similarly. They both compare your email to billions of breached credentials that are published on the dark web. The main difference between these tools is that dark web monitoring is usually a paid subscription that sends you real-time notifications, whereas dark web scans are free and don’t send your alerts when your information is found on the dark web.
Four steps to take after finding your email on the dark web
Use the steps below as a checklist of what you should do if your data is ever found on the dark web.
1. Change your passwords
The first step you need to take immediately is to change your passwords. Change all passwords associated with the breached email address to ones that are strong and unique. If any accounts you’re updating support the use of passkeys, enable passkeys as a sign-in method as they offer better security than passwords. For accounts that support only passwords, we recommend using a password generator to ensure each of them is strong and unique.
If you’re worried you won’t be able to remember your strong passwords, a password manager is a great investment. Keeper Password Manager offers a free 30-day trial and will guide you throughout the process of updating your passwords when using its KeeperFill® browser extension.
2. Enable MFA on your accounts
According to Microsoft, multi-factor authentication can prevent 99.9% of account compromise attacks. If you have the option to enable MFA on your accounts, do it. MFA can make all the difference in keeping your accounts and personal information safe.
Even if a cybercriminal does get a hold of a set of your credentials, MFA blocks them from accessing your account further. Once the cybercriminal attempts to log in, MFA will prompt them to further verify themselves through other methods such as:
- Entering a verification code from an authenticator app
- Providing a biometric scan of their fingerprint or face
- Tapping or inserting a hardware security key
The cybercriminal won’t be able to provide any of these, making it difficult for them to compromise your account.
3. Check your financial accounts
One email address on the dark web may not compromise all your online accounts, but it is better to be safe than sorry when it comes to your finances. Get a copy of your credit report from the three credit bureaus– Experian, TransUnion and Equifax– to see if anyone has taken out loans or credit cards under your name. You can get free weekly credit reports from each of the three bureaus by visiting AnnualCreditReport.com. Be sure to also check your online bank accounts for any suspicious activity by logging into your account or calling your bank directly.
If you encounter strange activity, here’s what you should do:
- Ask your bank to close the account: Your bank and credit card lenders should be able to shut down any compromised accounts and open new ones for you.
- Place a security freeze on your credit report: Freezing your credit will prevent a cybercriminal from accessing your credit report and opening new credit lines or loans under your name.
4. Scan your computer for malware
As an extra security precaution, make sure that your computer hasn’t been infected with any malware by running an antivirus scan. The reason your email was found on the dark web may be due to a malware infection. If you don’t have antivirus software installed on your device, free options such as BitDefender for Windows and Avast for Mac are available online.
Once you run your antivirus software, review the results and take action to remove the viruses or malware if any are found. Your software should take you through these steps.
How did my email get on the dark web?
There are infinite ways that information can make its way to the dark web, but here are a few of the most common.
- Data breaches: Companies you have accounts with can suffer data breaches that lead to the exposure of employee and customer personal information. Information that is exposed can range from login credentials to Social Security numbers.
- Malware: Malware is any malicious software that is installed onto devices or networks of an individual or organization to steal or modify data– usually for monetary gain. Information stolen using malware can then be posted on the dark web for sale.
- Phishing: Phishing is a type of social engineering attack launched by cybercriminals that attempts to get you to reveal personal information either by convincing you they’re someone you know or by urging you to click a malicious link or attachment. If you click on any of the two, malware can immediately begin infecting your device or you’ll be redirected to a spoofed website where you’ll be prompted to enter your information.
Can I remove my email from the dark web?
No, any information of yours that is published on the dark web cannot be removed. The best way to protect yourself from the dark web is by taking basic cybersecurity precautions. These include using dark web monitoring to keep an eye on what information of yours has been posted on the dark web and updating your passwords whenever you discover new information on there. You should also be extra cautious about emails you receive to ensure they’re not phishing emails that can place your personal information at risk of compromise.
How Keeper can protect you from the dark web
Keeper Security’s dark web monitoring tool, BreachWatch, can help you stay alert if your email address makes its way to the dark web. BreachWatch is an add-on that Keeper offers with its password manager plans. If any of your login credentials are detected on the dark web, you’re sent a dark web alert in real time so you can update your passwords immediately.
To check if your email is on the dark web, use our free dark web scan tool, powered by BreachWatch.