Cybercriminals have various methods for getting their hands on your data. Phishing attacks are when criminals send you an email or text with a link or attachment to download. Once you click on it, it takes you to a malicious website that steals your data.
A faster way of getting personal information is through the Dark Web. Hackers who breach massive databases put personal details for sale on the Dark Web, where criminals can buy sensitive information. Tap or click here for three tricks to see if your passwords are on the Dark Web.
Some services alert you when your data has been exposed. But read on to see why you can’t always trust an email about the Dark Web.
Here’s the backstory
Apple and Google have built-in functionality that alerts you to any discoveries of your username, email address or passwords on the Dark Web. There is also the excellent HaveIBeenPwned website, which covers over 11 billion stolen records and tells you from which breach it is. Tap or click here for steps to using this tool.
It’s always best to check for yourself if your data is compromised, but some people told the Federal Trade Commission (FTC) that they’d received emails alerting them that their data is on the Dark Web.
There is a possibility that it’s true, but the FTC warns that you must treat these emails with skepticism. They could be phishing attacks. The agency explained that some emails list the stolen information, including the victim’s Social Security number, date of birth and driver’s license number.
Hackers might be using partial information on you to get more details. For example, the email could mention your date of birth. Then to verify that it’s your data, there is a link you must click and supply more details. The hackers then capture that information, which could lead to fraud or identity theft.
How to handle Dark Web phishing emails
While there is a chance your data is already on the Dark Web, you shouldn’t believe unsolicited emails and hand over more information. To help protect against these types of phishing attempts and avoid falling victim to identity theft, the FTC gave the following suggestions.
Don’t click a link or use a phone number in the message. It could be a phishing email designed to trick you into disclosing sensitive information to scammers. If you think the message is legit — for example, if you have a credit monitoring service or a credit card with a company that monitors the Dark Web — contact the company using a website or phone number that you know is real.
Change your passwords to secure your accounts. Start by changing the passwords on your email accounts. Email accounts often are the weak link in online security because password resets for other accounts go to your email. If your email account password has become known, then an identity thief can log into your account and intercept your password reset emails.
Check your credit reports. After securing your accounts, ensure nobody has opened new accounts using your information. Visit AnnualCreditReport.com to get an annual free credit report from each of the three nationwide credit bureaus, Equifax, Experian and TransUnion. Through December 2023, you can get a free weekly credit report on their websites. If you find an account or transaction you don’t recognize, visit IdentityTheft.gov to report identity theft and get a personal recovery plan.
Consider freezing your credit. A credit freeze is free to place and remove and is the best way to protect against an identity thief opening new financial accounts in your name. You can also set a free fraud alert on your credit to make it more difficult for an identity thief to get new credit in your name.
If you get an email claiming your information is being sold on the Dark Web, report it at ReportFraud.ftc.gov.