The dark web is a part of the internet that is not indexed by regular search engines and can only be accessed using specialized software. Because the dark web is far more private than surface internet, it is attractive to cybercriminals, who use it to share and sell stolen information.
In the event of a data breach, your credentials would likely end up on a dark web marketplace or forum. But how would you know if your email address has leaked? And which steps could you take to protect yourself?
How to Know if Your Email Address Is on the Dark Web
Browsing the dark web to figure out if your email has leaked is not an option—a thorough investigation would require countless hours and a tremendous amount of effort, but most likely yield no results. Still, there are other things you can do to check if your email account is compromised. Here are three ways.
1. Take Note of Suspicious Activity
Suspicious and unusual activity is a reliable sign your email account has been hacked. For example, if you notice your recovery email address or phone number have changed, it is highly likely your account has been compromised. Obviously, being unable to log into your account due to a password change is another clear sign of a breach, just like unknown messages in your outbox and sent folders.
2. Check Have I Been Pwned
Have I Been Pwned is a website that you can use to check if your data has been compromised in a breach. The tool, which is free, scans the web for database dumps and collects information. All you need to do to check whether your email or password have been hacked is type them in—if you have been “pwned,” you’ll know exactly when and how.
3. Invest in a Dark Web Monitoring Service
The best and costliest option is to invest in dark web monitoring. Many cybersecurity firms and anti-malware providers offer such services. Simply, they scan the darknet for your information. This is not limited to email addresses, but also includes phone and bank account numbers, identity information, medical records, and so on.
What to Do if Your Email Has Leaked to the Dark Web
What can you do if you establish your email address and password are on the dark web? Is it possible to remove all traces of it? Unfortunately, the answer is no. But you’re not helpless.
If, say, your email credentials were for sale on a surface web forum, you could contact the forum’s hosting provider or even law enforcement, but on the dark web this would be useless. The dark web is decentralized, lawless, and anarchic. There is no authority you could appeal to, and it would be next to impossible to establish who hacked your account, and who is selling access to it on the dark web.
But you can try and mitigate damage if your email is found on the dark web, and if it is or was being used by an unauthorized third party. Here are five steps you can take in that situation.
1. Change Your Passwords
The first thing you should do is change your password. Make sure you create a complicated and unbreakable password that you won’t forget; one that includes capital letters, numbers, and special characters. Do this for all of your accounts, and not just the one that’s been leaked to the dark web.
2. Enable Two-Factor Authentication
Two-factor authentication (2FA) requires an additional proof of identity on top of a password. Securing your email account with 2FA is a great and convenient way to create an added layer of protection and ensure others can’t access your account.
3. Run Your Antivirus Software
There’s always the possibility your credentials were stolen through phishing, or in a malware attack, so you should run your anti-malware software if your credentials have leaked to the dark web. Don’t panic if you can’t afford to have powerful antivirus suites installed on all of your devices, because there are several great tools that get the job done for free.
4. Check Your Bank Account
Monetary gain is the main objective of most cyberattacks. It is more than likely that your email address is in some way linked to a financial service or two. Check your online banking account and contact your bank to see if someone has accessed it and look for unauthorized transactions.
5. Notify Your Contacts
When cybercriminals hack into an email account, they sometimes use it to send phishing emails and deploy malware. Even if you manage to take back control of your email quickly, some damage may have already been done. In any event, you should let your family, friends, and colleagues know what happened.
The tips listed above should work in the vast majority of cases. Still, the best and safest option in some situations might be to create a new email account. Unlink all of your accounts from the compromised address, from banking to social media, and connect them to a brand new one. And once you do that, you can secure that address with a complicated password, two-factor authentication, security questions, and other similar mechanisms.
And if you want to take your security and privacy to a higher level, consider switching to an encrypted email service. Such services are much safer than Gmail, Yahoo Mail, or Outlook, and seldom targeted by cybercriminals because they use zero-knowledge encryption.There are several good encrypted email providers, including ProtonMail, TutaNota, and Mailfence. Most have both free and paid options.
To ensure maximum safety, you should use several email addresses, as opposed to just one. Creating separate accounts for social media, newsletter subscriptions, work, and financial services can go a long way in decentralizing your online presence and securing your devices from cyber threats.
Enhance Your Email Security to Stay Safe
In order to protect prevent unauthorized access to your personal data and ensure it never leaks to the dark web, you need to enhance your email security.
With that said, staying safe online requires more than just protecting your email account, so make sure you familiarize yourself with the basics of cybersecurity.