Do you have doubts that your email address is found on the dark web? And you received alerts from your antivirus software or other services telling you about potential risks because your email appeared in data breaches?
So, keep reading, I’ll show you what that means and what you can do to protect your personal details such as email, numbers, and others from being used on the dark web by scammers as on the regular Internet.
What to do first?
If you got an alert from security tools like McAfee, Kaspersky, Avast, AVG, or others about an important security threat about compromised email, then don’t panic. So, when they’ll inform you that your email address was found on the dark web, relax and read this guide fully. That’s the most important thing you should do as a reaction.
Even if a scammer sends you a message and tells you that he has your email address, that doesn’t mean he is actually using it. But they may be trying to use that as a way to get money from you when you can verify that first.
If you start jumping from one account to another assuming that a hacker will steal your money or social media accounts, then you’re not going to fix the problem. Instead, keep calm and think about the whole situation.
You’re not the first person with a compromised email address on the dark web. That happens to millions of users from social media websites, blogs, and even high-profile companies. In fact, nothing happened to many of them because they know how to deal with such data breaches.
Here is one example of an alert with LastPass which is a good password manager tool. Thanks to their partnership with a company called “enzoic” they can scan the dark web for an email address that users have.
Then, if that email is found, he gets an alert like the following one on a screenshot to update it. So, you might have received one of such security alerts.
Stop using your actual devices
When you get a dark web alert about a compromised email address, start by using a different computer or phone from the ones you use normally. If you receive messages from random numbers, that could mean the person behind that number is trying to hack your phone or get some details.
By avoiding using your phone and laptop, that’s a good way to save time and completely eliminate the risk of being monitored by adware software or suspicious tools that you installed or even don’t know about on your devices.
If you’re one of those who install apps from any source, even on iPhone, Mac, or any brand of laptop or smartphone, then it’s better to block the spy and turn OFF the WiFi and cellular data on those devices to block any new unauthorized access remotely.
It could be possible that someone is getting your logging details including email, password and even uploading data from your phone without you noticing that.
That’s why blocking access to your devices is the first thing to do especially if someone is already monitoring you and watching you from the camera etc…
Change your login passwords on that email
This is not as easy as it looks like if you have hundreds or even more accounts with your password and email address. But you need to make a shortlist of the most sensitive accounts you need to protect like your banking accounts, social media, Google, etc…
Once you have that list, start by login into each website or app individually, next find the password change options and click on them. After that, generate and use lengthy passwords with 20, 30, or even 80 characters on them using good password management tools such as LastPass that save all those details on the cloud securely.
But what I recommend is to save all your passwords for now even on paper just to make sure you’re not going too fast and updating the login details and then finding yourself forgetting all the new ones you changed. Organize your task and change all of your passwords with the email address you found leaked on the dark web carefully.
Enable Two-Step Authentication for all sites
To make sure no one can access your online accounts, many apps and sites offer Two-Step Authentication which is powerful, but not that popular among seniors who still use one password for every account they have online.
So, for your online safety, make sure you enable the extra layer of security to your profiles. Most sites like Facebook, PayPal, Instagram, and others have those options. You need to add the Google Authenticator app to your phone and verify it.
After that, when you log in again to your account, the site will ask you for the 6-digit codes that the app changes automatically every 60 seconds. Hence, if you fail to type the codes correctly, you’ll be locked out of your account, and to fix that problem you should save and print your backup codes to use in an emergency.
That is the only way to recover your account after losing the Google Authenticator codes. Accordingly, always take this step seriously and ensure that you save your backup codes correctly on your devices and use the old-school paper printing method.
Verify your logins and account activities
This is crucial if you want to secure your accounts after discovering that your email has been compromised in data breaches and so on the dark web. Google, for example, shows the list of devices that accessed your accounts and you can see the IP address, location, browser type, and OS. Thus, you can disable location sharing on your phone or computer.
To access the Google security page follow the next steps:
- Click on your photo from the Chrome web browser or when you’re already logged into Gmail.
- Next, click on the “security” tab from the left navigation menu on the desktop.
- After that, scroll down until you see “Your devices” and click on it
- Now, click on the “manage devices” link that will show your phone or other laptops
- Finally, click the 3 dots next to that device name and then, “sign out“
Here is how to find the Google security page on the next screenshot.
And here is how to sign out all devices.
From there, you can log out on everything and at the same time, check if there is a login session you don’t recognize. When you sign out of all websites on Chrome or Apple iCloud, you block any suspicious login.
If that login is not you, make sure you come back later and see if there is any new login because you changed the password and enable the two-step authentication. That way, everything will be more secure this time.
Inform your most important services or partners
Here is what to do if someone is using your email, first create another email using a different device. Then, contact your partners or companies that you email often and tell them that your email was hacked and someone else is using it.
That way, they can secure your accounts with them, and block unauthorized requests from that email until you recover it back. This is important, especially with online services and payment solutions such as PayPal, credit cards, etc… The faster you inform these providers, the better you will manage the problem.
Think about using a VPN
If someone gets access to your email address because they’re intercepting your Internet connection, they can see what’s happening in your home network and WiFi. But that’s not always valid, and it’s recommended to think about using a VPN that encrypts connections on smartphones and laptops.
That means, even if someone is monitoring your computer or cell phone, the VPN can help a lot in hiding your real IP, location, and more details because the high level of encryption makes it harder for strangers to do what they want.
When choosing a VPN service, make sure it’s trusted by thousands of users, and there are lots of reviews about them. You don’t need to waste time with tools that no one is using or that have been identified as adware-related spammers.
Remove all browser extensions
You don’t have an idea of how easy it would be for scammers to install tracking adware extensions in your Chrome browser. Even by opening an email and clicking links inside it, you can get malicious code that asks Google Chrome to download and install such tools without your knowledge.
Now take a look at your Chrome list of extensions, remove the ones that you don’t use, and if you find hidden extensions you never used, don’t be surprised. But before removing them, take note of their name and take a screenshot for later investigation.
To access the list of extensions on Google Chrome, click on the Three dots from your profile photo in the web browser. Then, find “More Tools” and “Extensions” like the following screenshot.
Don’t use other people’s devices
It happens that sometimes, we may find ourselves in the need to check important emails from a friend’s phone or laptop after asking for their permission. But if you did that, then it’s time to stop doing that risky email check even if you trust that person and they’re your:
- Family members and coworkers.
You don’t know what these people are using on their smartphones or computers, and they may have been hacked themselves without being aware of that. Also, when you type your email and password into someone else’s device, scammers can read that if they installed software or mobile apps on that phone.
In one word, your email is being shared on the dark web probably because you’re using other people’s computers like yours, and you don’t know how bad that could be. So, from your online security, never login from people’s devices to check your social media accounts even when you have problems using your phone.
Stop using public WiFi with your accounts
How many times have you been using WiFi in public places, cafes, and restaurants to check your email and social media posts? That’s the easiest way for people to get your email address and see what you share on Facebook, Instagram, and Gmail emails. Public WiFi can expose your sensitive details like real name, phone number, usernames, device type, brand, serial numbers, etc…
That’s not all; once someone decides to attack your devices on public WiFi, he can download all your list of contacts and even see your friend on Facebook. Even more, they can read your email and see your passwords and usernames when you log in.
Of course, that’s not for everyone, that person should be an expert in security and computer systems, but nowadays, even a kid can do such hacks if he has the will to do that.
It’s better to wait until you are back home to check your emails, and if it’s urgent, enable data on your cell phone plan and install a VPN that protects your Internet connections. That’s much better than allowing others to intercept all the data that your phone sends and receives when being on public WiFi.
Update your device’s software
It doesn’t matter if you update your Mac or Windows software a week or a few days ago, if you’re not enabling automatic updates it’s not that effective in preventing hacks by email or other ways. You should think about the way you use your phone as well, you don’t need to manually install every update, and when it’s a security-related release, it should be installed immediately.
iOS, Android, and other operating systems like Windows have their own security measures, and once there are any new data breaches announced or bugs found, they’ll update the code and send immediate download requests to millions of devices.
Rethink about antivirus tools
Mac and iPhone devices are much safer than others, especially those that have Windows installed. If you keep your Apple devices up to date, and you don’t install code or software from any other sources rather than the official Apple store, you should be safe.
On the other hand, if you have a Windows-powered computer, you should think about the antivirus software you have; many are useless and come with more problems than solutions.
Windows Defender is the built-in security software that checks for updates and installs them when your computer is connected to the Internet. So, avoid installing antivirus tools that slow down your machines and make them weak in front of attacks. Instead, look for well-known antivirus tools that have long years of experience and are from established companies.
When you don’t use your devices, turn Off WiFi and cellular data to prevent others from accessing your files when there is adware installed. Also, verify your list of files, folders, and activities when you have doubts about being hacked.
Furthermore, don’t give your devices to anyone even if they ask you to check their email; they can install a hidden monitoring tool and see every single password and login email you type.
Check if your email and details are on the dark web
There are techniques to find the sites linked to your email address. But scanning the whole dark web is not possible because no one knows exactly the size of it. There are just estimates that the dark web is many times bigger than the visible web. So, if there are 10 million websites, for example, on the Internet we know, then expect to find billions of sites on the dark web which is a lot.
The Internet we know, that’s public and easy to reach, is just the visible part of the iceberg which is the deep web.
So, to use the best search engine for the dark web, try the following solutions I recommend. Some of them have exclusive databases, while others can get more information from reliable databases in the USA.
Dark web search engines
Now, here is how to find out if your information is on the dark web; first use a trusted background search service that uses the email address or the name. That’s the best way to check if your email and name appear on the dark web, and luckily, there are a couple of tools that are able to trace this specific type of data in minutes.
Dark web search engines have the resources and server configurations to scan billions of web pages using the Tor browser or other technologies. In other words, it’s not that complicated for advanced search engines to show you if your details including your Gmail address, full name, SSN, or phone numbers are being used on the dark web.
Use the TruthFinder tool
TruthFinder is a reliable background search service in the US, and you can use it to scan the dark web and see if your email address has been shared or published somewhere on databases, data leaks, etc…
All you have to do is type your email address into the search box, then validate and wait for the tool to scan the huge databases of data and show you the report after that. Don’t be surprised to find more details than you expected as these are top-notch algorithms that uncover more details than other similar solutions. They can even show you the hidden accounts that others created with your email address or mobile number and much more.
What can someone do with your email?
The email address on its own is not as dangerous as many people think. However, by using your email, strangers can look at your personal details and know about your real name, phone number, ownership details, and even social media accounts. However, others can’t log in with your email because they need to have a password that you can change immediately as in the steps above.
Even if somebody tried to reset your passwords from Facebook or other accounts, he’ll need to type your phone number and have it on hand to receive the confirmation code. That’s probably what happens in most cases when websites detect unusual login locations from the IP addresses that you never used before.
That means, even by doing nothing from your end, it’s not that easy for others to get your accounts and access them just because they found your email address.
That being said, if that person has also found your password in addition to your email address on the dark web, then you have to take action immediately and change all your passwords. Moreover, identity theft and fraud are among the things that hackers can do with your email address (if they’re bad guys).
For that reason, I highly recommend checking your email inbox to see if there are any messages you don’t recognize. Scammers can reply to someone else’s request from your account. So, people can do many things once they have your Gmail account. That includes the following:
- Reading your emails
- Changing passwords for your banking accounts
- Access your social media apps, and dating accounts
- Update your website usernames
- Uncover more details about you
Even more, scammers can cause problems for you by contacting companies or authorities and sharing details on the dark web with your email address as a reply option. Additionally, many scams use fake emails or ones hacked from dark web databases.
Now, if someone hacked your Gmail or Yahoo account, immediately change your password and enable the Two-step login. But if you’re locked out of your email because of a hack, then Google has a good guide on how to secure a compromised account, so make sure you read it.
On the other hand, if you’re using any of the Microsoft email services, it’s better to follow their guide on how to recover your email after being hacked.
In all cases, always verify the settings of your email account, check if there is any message forward, folder, or configurations that look suspicious, and remove them.
How to get your email off the dark web
The fact that you know that someone already has your email address on the dark or deep web, shouldn’t make you anxious all the time. Relax and do the above recommendations to secure your accounts first. Then, change the password and enable multi-layer login. But if you want to completely remove your email address from the dark web, that’s not as easy as it looks like.
In the visible Internet that billions of people use every day, removing a single piece of information from websites will need emails, messages, and even follow-up to get it to disappear if you’re lucky.
Add to that that removing any personal information from Google search is a real pain when there are dozens of pages and sites. So, imagine if you do that on a scale of 100 times more, on websites that you don’t know?
So, it’s more complicated to get your email off the dark web even if you see where it appears. There could be more databases that shared that email with millions of others. And consequently, it’s better to secure that email address if you should keep using it, then make your accounts well protected and everything will be okay.
However, sometimes people may have already accessed some of your accounts if you use weak passwords like your phone number or other details that are easy to guess. In all cases, you need to review your profiles and banking accounts as I said earlier before thinking of removing your email from the dark web which is more complicated and even impossible.
Report identity theft
If you found that not only Your email is on the dark web, but also, your full name, home address, and details like Social Security Number, then you should report that to prevent Identity theft. There are many ways to prevent scammers from stealing your identity. For instance, the US governmental site IndetityTheft.gov allows you to report the incident and get a recovery plan.
When there is a need to ask a professional to monitor your online identity and help you remove your data from websites and databases, you can search for an Identity theft protection service in the US. Some of these solutions have powerful systems that work with different providers and companies to trace your email and find who’s using it on websites in your name or in other ways.
To summarize, if you find your email address compromised in data breaches and leaked on the dark web, it’s time to secure your accounts with a new strong password. Then, enable two-step authentication after verifying your activities and checking if there is any suspicious login or device you don’t use.
Also, make sure you check if there is an IP address that accessed your accounts on Google or other sites and blacklists it. Next, remove the device behind that suspicious login, so it will be logged out instantly.
By following the above tips, tricks and details, you know what to do if a scammer has your email address. You should never reply to email scams even if they ask you for money. Instead, report that email to local authorities and show them the IP address if there is any (they are probably hiding it with a fake one).
After that, scan your devices for malware and viruses, and if that needs a factory reset, do it and save yourself lots of time dealing with such problems.