If you have ever received an email from your credit card provider with the subject line: “We have urgent information about your account.” Assuming by “urgent” they meant, “your credit card is expiring in nine months & this email 1 of 1,000 to remind you we’re sending you a new card,” You opened it & was greeted with this instead: “We found your personal information on the dark web.”

For example, the email will say that much of your personal information had been found on a routine dark web search & that you need to call them immediately. You may assume this was some sort of elaborate phishing scheme.  Needless to say, this email was very real.

The problem is most people don’t know where to begin. They start randomly changing passwords, deleting accounts & calling their bank without rhyme or reason.

The Dark Web

So what is the “Dark Web?”

The dark web is essentially a hidden network of websites you need a special resource to access.  Furthermore, dark web sites are often heavily encrypted & hosted on anonymous servers. Besides, not everything on the dark web is bad, but that level of anonymity makes a host of illegal stuff possible.

For instance, most of us spend our days on is just what’s known as the surface, or public, web.  Comprised of stuff like news & social media sites, blogs, & online retailers.   The surface web is everything that shows up in a Google search, but that isn’t even a fraction of the internet.  Google doesn’t index the deep web.

If your email is found on the dark web there’s a chance that it’s nothing more than that, an email address that the public can see. It doesn’t mean anyone has hacked into any of your accounts, or accessed any other information.

Selling Your Identity

However, there’s also the other possibility.  In addition, to personal information, you can buy anything from subscription service logins to passports on the dark web. And if your personal information makes it to the dark web, it can be bought on the cheap.  Stolen identities are quickly becoming big business.  Buyers can also basically buy a bundle that includes your full name, date of birth, Social Security number, account numbers, &  a collection of other data for as low as $30.

What To Do

  1. Scan Your Computer.  A virus scan of your computer is the smartest thing to do when your email is found on the dark web.  As a good practice, it is important to invest in virus & malware protection.  The best software for this is Norton for virus protection & Malwarebytes for malware protection.  
  2. Change Your Passwords.  Change all your passwords to new, unique passwords & lock those in a good-quality password manager.  It is important to update your passwords every 3 months or after a data hack, to prevent theft.
  3. Call Your Financial Accounts. Call your credit card provider instead of the one in the email.  The representative can confirm identity theft.  Credit card providers aren’t at all that concerned with your data being found on the dark web.  After all, they’re used to it.
  4. Your Credit Report.  Order copies of your credit report from Equifax, Experian, & TransUnion. (You can get these free once per year through &, after a major breach like this, getting all three at once to check for any possible problem is a good idea.) For added security, it’s probably a smart idea for you to use two-factor authentication for your most important accounts. Two-factor authentication adds an extra layer of security& and makes it significantly harder for a hacker to gain access.

The Dark Web Scan

If you have ever seen commercials for Experian’s free dark web scan?   It sounds like a pretty decent deal on the surface. You just need to give them your email & they’ll run a dark web scan for you.  These services are not scanning the entire dark web for your data. That’s just impossible.  No company that offers a “dark web scan” will tell you what they do, but we can certainly make an informed guess. These companies are gathering your personal information, like social security numbers & credit card details from common databases.  These databases are made public on popular websites on the dark web.

Companies will try to sell you this service.  Although most of this you can do on your own & for free.  As we’ve said before, the dark web is not indexed, so there is no way to find things unless you know exactly where to look.  If you think about it, you’d be paying these companies to tell you whether your personal information is floating around in the underworld, & if so, you’d respond accordingly.


Remember, security companies generally are using the dark web scan to convince you to pay for some form of adjunct service, like identity theft protection.  Above we have given you steps to take if your identity has been compromised on the dark web.  Following these guidelines & precautions will help you stay ahead of the identity theft game.