Emerging Threats

Dark web scans and dark web monitoring can help you protect your identity

Ever wonder what’s going on in the dark web, that mysterious slice of the internet in which criminals buy illegal drugs, swap pornography, and sell stolen Social Security numbers and credit card information?

One thing that might be happening? Cybercriminals might be buying your own Social Security number, bank account information, or credit card number.

A good chunk of the dark web is devoted to the buying and selling of stolen financial and personal information. And if your information ends up on dark web sites — for instance, after a data breach — an identity thief could gain access to it.

This criminal might then use your sensitive information to buy flat-screen TVs and computers with your credit card data, take out loans or open new credit cards in your name, or siphon money from your bank account.

This threat is real. To combat it, you might consider signing up for dark web monitoring.

What is dark web monitoring?

Dark web monitoring services scan this seedier side of the web to see if any of your information is available on it.

What kind of personal information is on the dark web?

What information do cybercriminals commonly sell on the dark web? Thieves commonly sell Social Security numbers, credit card and debit card account numbers, and log-in information for payment services such as PayPal.

And that’s not all. Cybercriminals can also sell driver’s licenses, medical records, passports, fake diplomas, phone numbers, and subscription services online.

The prices that cybercriminals fetch for these items can vary. For instance, criminals might pay $1 for a stolen Social Security number or from $20 to $200 for log-in information for your PayPal account. They might pay $5 to $110 to access your stolen credit card information.

As you can see, fraudsters can get just about anything they want from the dark web, and that might include your personal information.

A quick note for clarity: The dark web is different from the deep web. Content on the deep web also is not accessible by search engines — but it includes things like your online banking account or your health insurance account or a company’s private database, all of which require you to enter personalized credentials to access.

What is a dark web scan and how does it work?

You probably have heard the term “dark web” before. But what exactly is this place and how can a dark web scan help protect you?

Here are a few basics. The dark web is made up of sites that you can’t access through traditional search engines such as Google, Safari, or Firefox. You’ll need special software — most people use a browser that you can download for free, known as TOR — to browse this hidden section of the web.

Not everything done on the dark web is illegal. Dissidents might use the dark web to communicate with each other without their governments finding out. Journalists sometimes use the dark web so that they can communicate with sources while keeping these sources anonymous.

But even with these legitimate uses, the dark web is a dangerous place. It is often used by people selling illegal drugs or firearms. It is home to sites offering child pornography. And it is a haven for criminals who want to sell, trade, or share stolen financial and personal information.

This is where a dark web scan comes in. Companies offering these services will search the dark web for you, combing through the large databases of stolen usernames, passwords, Social Security numbers, and credit card numbers up for sale.

The providers of these scans will then notify you if they find your personal information on the dark web, giving you the chance to take action to help protect yourself against identity theft.

Be aware, though, that dark web scans can’t find everything. There is no way for a company to search the entire dark web. A scan can uncover when your data has been exposed. But it can’t find every instance of this.

What can I do if my personal information is detected on a dark web scan?

You’ve ordered a dark web scan and discovered that your personal and financial information is for sale. What should you do now?

There are steps you can take to minimize the damage.

Change your passwords

Security experts recommend that you change your passwords whenever you discover that your personal information has been exposed. Never use the same passwords on multiple sites, and make sure your new passwords are complex and difficult to guess. The more complicated your passwords — using a series of letters, numbers, and symbols — the better.

Notify your banks, credit card companies, and other financial services providers

If a scan finds that your credit card or bank account numbers have been exposed, call these financial services companies. You might need new account numbers to keep your financial information safe.

Monitor your credit card statements

Study your credit card statements carefully, looking for any suspicious purchases. If you do notice fraudulent charges, immediately contact your card provider. If you contact your bank or the card provider promptly upon discovering the charges, you may not be held liable for charges made by thieves.

It’s important to report fraud quickly: The Fair Credit Billing Act recommends that you report any suspicious purchases within 60 days.

If you do find fraudulent purchases, make sure to request a new credit card and account number from your card provider.

Order your credit reports

You’ll also need to monitor your three credit reports — one each maintained by Experian, Equifax and TransUnion — for any accounts that might have been fraudulently opened in your name. Also, that can help protect your credit score.

You can order one free copy of each of your reports once a year from When you order these reports, look them over carefully for credit card accounts or other loans that might have been opened in your name by fraudsters.

If you find any, contact the company that issued the card or loan and explain that you have been the victim of identity theft. You should also contact the Federal Trade Commission, or FTC, to file an identity theft report.

Freeze your credit

If you suspect that you have been the victim of identity theft, you should consider freezing your credit. Doing this will prevent fraudsters from opening further credit card accounts or taking out additional loans using your personal information.

Freezing your credit is free, but you must do it at all three credit bureaus. You can do this online at TransUnion, Equifax and Experian.

Where can I get a free dark web scan?

Norton LifeLock offers its own dark web scan. You can find information about this service here. If you are worried that your financial information has been exposed on the dark web, this service could help alleviate or confirm these fears.

Victim of a data breach? LifeLock monitors for identity theft and threats.

Norton joined forces with LifeLock, we offer a comprehensive digital safety solution that helps protect your devices, connections and identity.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.