As much as we love the convenience of our digital world, we know a hefty price tag can come with it. The world is full of bad actors whose goal is to get their hands on our sensitive, personally identifiable information, or PII. Should you find your PII is for sale on the dark web, it helps to know there are options for doing something about it, even if you think it’s too late. Just some of that hijacked PII can include passwords, email and physical addresses, Social Security numbers, financial accounts, and much more.

You can always hope your PII won’t ever be stolen, but these days hope won’t keep your personal data safe. That’s especially true since hackers have added options for making even more money off of stolen PII. Of course, they can use it themselves, and they can also sell it on the dark web. Data theft has become so pervasive that Apple, Google, and other businesses have added dark web scans for their users, alerting them if their PII has shown up on the dark web.

Below is a screenshot from an actual criminal stor on the dark web.

Opportunists that hackers are, the Federal Trade Commission’s (FTC) Consumer Alert reports cybercriminals are now using email phishing to send bogus “dark web alerts” to users. These emails have one goal, which is to steal even more PII by telling the recipient their data was found for sale on the dark web. In the email, they might use data they’ve already stolen from the victim, to appear more legitimate.

Data Security Options

The FTC believes the dark web email alerts deserve more than a discerning eyeball. Approach one with a healthy dose of skepticism, because after all, it could be email phishing. Should you receive one of these bogus email alerts, the FTC provides four ways users can help protect themselves against financial loss from identity theft. Being cyber-smart about data security options is highly recommended.

Don’t click a link or use a phone number in the message. It could be a “phishing” email, designed to trick you into disclosing sensitive information to scammers. If you think the message is legit — for example, if you have a credit monitoring service or a credit card with a company that monitors the dark web — contact the company using a website or phone number that you know is real.

Change your passwords to secure your accounts. Start by changing the passwords on your email accounts. Email accounts often are the weak link in online security because password resets for other accounts go to your email. If your email account password has become known, then an identity thief can log into your account and intercept your password reset emails. Be sure to use different passwords for each account and, if the account offers multifactor authentication, use it for added security.

Check your credit reports. After securing your accounts, make sure nobody has opened new accounts using your information. Visit AnnualCreditReport.com to get an annual free credit report from each of the three nationwide credit bureaus. While perhaps a bit excessive, through December 2023, you can get a free credit report every week from each at the website. If you find an account or transaction you don’t recognize, visit IdentityTheft.gov to report the identity theft and get a personal recovery plan.

Consider freezing your credit. A credit freeze, also known as a security freeze, is free to place and remove and is the best way to protect against an identity thief opening new accounts in your name. Alternatively, place a free fraud alert on your credit to make it more difficult for an identity thief to get new credit in your name.