Are My Details On The Dark Web?

  • 20th May 2021
  • Michelle Pace
  • Cyber Crime
Are My Details On The Dark Web?

Are My Details On The Dark Web?

Many cyber experts will tell you that it’s not a case of if your details are on the dark web, but how many times they have been posted on there. What do you need to do if our FraudWeb search finds your details on the dark web?

The first thing is to try not to panic - easier said than done, we know. Thousands of people every day have their details and identity stolen, and most companies will be able to support you.

Online threats are becoming more common in the quest for sensitive information. Your data can end up on the dark web for a variety of reasons, such as:

  • A data breach within a company
  • Viruses installed on your devices that collect sensitive information
  • Phishing emails, containing suspicious links that you have innocently clicked on
  • Scammers calling, claiming to be from a reputable company
  • Stolen devices that are not password protected
  • Card skimming/cloning

Cybercriminals can buy and sell your personal information on the dark web, with fees ranging from pence for an email address to hundreds of pounds for a full identity, all depending on the information required.

Email - you will need to change the passwords on all your email accounts. If you use the same or similar password on other online accounts, you will also need to change the password on those too.  If available, always use two-stage authentication on your email accounts, as this will help reduce the chances of your accounts being hacked.

Hackers will attempt to access multiple sites using your email address and password. If you use the same details across many websites, they will be able to access any accounts you have with those sites.

Address – if your name and address are matched, you are at risk of someone trying to use your identity. However, anyone can find this information via other sources, such as the phone book, if you haven’t asked them to withhold your details. 

bank details on dark web

Bank account – there are two types of risk, partial and high. 

If the risk is partial, your sort code and account numbers are at risk. It is unusual for money to be removed directly from your account with these, as a signature is often required. However, you must inform your bank if this information is on the Dark Web so that they can monitor for any suspicious activity.

High risk is when credit cards and debit cards registered in your name are available. You must contact your bank and all credit card companies if this happens. Request that they cancel all of your cards because your information is on the dark web. 

You must also check your bank and credit card statements regularly for any activity you do not recognise. If this happens, you must inform your bank and/or credit card company immediately. Also, closely monitor your credit report for any suspicious and unusual activity and alert the company that you use as soon as possible.

Phone - this can either be a home phone number or a mobile phone number associated with your name. Having this information on the Dark Web could mean you get unsolicited phone calls.  If it’s your mobile number, your main option is to block nuisance numbers or change your phone number. You can also report nuisance calls of any type to Ofcom.

Online Username- you are only at partial risk if we find your username. However, if we also find associated passwords, then you are at high risk. If this happens, you must:

  1. Check activity on all your accounts and that the email address associated with your account hasn’t been changed.
  2. Change the passwords on ALL of your accounts.
  3. If you find suspicious activity on one of your accounts, inform the website to whom the account belongs. Most have procedures that will help restore your account.
  4. If available, set any accounts up with two-stage verification. This means you will need to add an additional level of security when you log in to your accounts. This can often be your mobile number. That way, when you try to log in to your account, you will receive a text message with a code you need to enter on the site in order to continue. Facial and fingerprint recognition is also an added layer of security.

Date of birth – if your name and DOB are available, these could be used for identity theft. Remain vigilant on any post or phone calls you may get that could be connected to someone trying to use them.

passport on the dark web

National Insurance Number – if this information is found on the dark web, someone could be using your identity. We recommend that if this happens, you contact HMRC to inform them someone else could be using your NI number. Be aware that there are fraudsters scamming people regarding N.I. numbers and even pretending to be from Royal Mail. If a call appears suspicious, hang up and access HMRC by another method, such as using a search engine to find a genuine number, to certify authenticity. 

Passport – if you find your passport number is available on the dark web, you must inform the Police and Action Fraud and the Passport Office immediately.   

Driving Licence – if your driving licence number is found, you need to inform Action Fraud and the DVLA immediately.  

Our advice to stay safe online:

  • Utilise your full FraudWeb search with your free Notty Account.
  • Always use two-factor authentication with online accounts where available. 
  • Never click a link from an email, visit the website using a browser and find the page.
  • NEVER use the same usernames and passwords for your online accounts, always create unique passwords.
  • Install a cyber care or anti-virus software product on your devices, such as the one you get with your Notty Account – CyberCare4U, which includes McAfee and a password manager.
  • Never save your password or login details on a PC, tablet or mobile phone that is not yours.
  • Shred any documents that contain personal details before disposing of them.
  • Check your bank and credit card statements every month for any unusual activity.
  • Do not give anyone your personal information unless you know who they are. Banks will never ask for your PIN or full password.
  • Do not open or respond to phishing emails.
  • Keep your devices updated - new updates provide the latest security patches etc.
  • Fraudsters will try harsh tactics, including threats, to force you into making rash decisions. If this is the case, terminate the call, have 20 minutes away and call the company back to verify authenticity. If you owe sums of money, it is unlikely that a company will call you out of the blue and demand payment there and then. 

Practice online safety, either before security threats happen or as soon as you notice.

If you wish to report your information having been stolen or a cybercrime has been committed, you can report it here at Action Fraud. 

If you suspect you have been a victim of a phishing attempt, you can report that here

You can also call Action Fraud on 0300 123 2040, to report fraud or ask for advice.