SafeWeb Support Hub

Follow our guidance to minimise the risk to your personal information

What should I do if SafeWeb notifies me that my data is on the dark web?

If our SafeWeb Dark Web Monitoring Tool finds your information on the dark web, you’ll receive a notification that specifies what kind of data has been breached. Finding out your information is on the dark web can seem alarming. But don’t panic — you can still take action and protect your data. It’s important to inform the Information Commissioner’s Office (ICO) within 72 hours of receiving a notification. However, the next steps you take will depend on the type of data that has been exposed.

Read on for advice on what to do if you receive a SafeWeb notification and how to minimise risk.

Emails

Passwords

Credit cards

Personal records

Social media

What happens if my email address is on the dark web?

If your email address ends up on the dark web, you could be at risk of phishing attacks. Phishing is where emails are sent to entice a victim to share sensitive information, such as credit card details, or download a malicious file that will install viruses on their computer or device. They often ask you to click on a link that takes you to an unsafe website and downloads a virus to steal your personal and financial information.

What should I look out for?

Keep an eye out for any suspicious-looking emails. Phishing emails tend to:

  • Claim to be from someone official (such as a bank or a known contact)
  • Ask you to respond within a short time-frame and
  • Aim to evoke emotion to persuade you to engage with the content.

You can report suspicious emails to the suspicious email reporting service at the UK Government’s National Cyber Security Center.

What action can I take?

If your dark web activity notification reveals that your email address has been exposed, the main action to take is to change any usernames for accounts that use this email address.

How can I prevent email breaches in the future?

We use our email address as the basis for dozens of accounts. As such, it’s essential to take security measures that will reduce the likelihood of an email breach.

  • Firstly, always be alert to suspicious emails — don’t click on links or open files unless you’re confident the email is from a trusted sender.
  • Never give any personal or sensitive information over email.
  • Be cautious when using public wifi as these networks may not be secure.
  • Update your software and apps regularly.
  • Change your email password on a regular basis, choosing strong passwords.
  • Consider using a trusted VPN.
What does it mean?

You probably use dozens of passwords every day. They’re intrinsic to web surfing and accessing your online accounts. That’s why a password breach can cause so much damage. Cybercriminals may use your passwords to hack into your personal accounts. If a hacker gets hold of your password along with an email address or username, then the risk of identity fraud increases.

Once a hacker has your password and email address, they might target your contacts with phishing emails or social media messages.

They may also be able to access your financial accounts with a breached password, allowing them to make illegal transactions.

What should I look out for?

Depending on the password that’s been breached, you need to look out for irregular activity on the related account. Monitor your bank account, social media accounts, and email address, and report any suspicious transactions, posts, or messages.

A friend or relative may alert you if they’ve received unusual contact from one of your accounts.

What action can I take?

If you get a notification from SafeWeb revealing compromised passwords, you can:

  1. Change your password on any websites or apps that used the affected password.
  2. Ensure your new passwords are strong. Use a long word and include numbers, symbols, and a combination of upper and lower case letters. Don’t include easily-identifiable information.
  3. You may wish to use a password manager to generate strong, unique passwords for the affected accounts.
How can I prevent this in the future?

The most common way for hackers to obtain passwords is by stealing them from your clipboard. They may also copy your keystrokes or save the title of your window as you are typing. Some hackers can disable your antivirus software whilst doing this.

To reduce the risk of exposed passwords on the dark web:

  • Regularly change passwords for your accounts.
  • Use different passwords for each account or website.
  • Make sure passwords are strong and do not contain easily-identifiable personal information.
  • Use a password manager where possible.
  • Never write your passwords down.
  • Never share them with anyone.
  • Use two-factor identification where possible.
  • Be cautious when using public wifi networks.
  • Update software and apps regularly.
  • Consider using a trusted VPN.
What does it mean?

Credit card details exposed on the dark web may be bought for as little as $9. Whilst it can be difficult to use a credit card without other personal data, such as the card’s CCV number, cybercriminals can use the credit card information to create a convincing phishing email. They may impersonate your bank or credit card provider and encourage you to click on a link. The link will likely take you to an unsafe website that could download viruses onto your computer which can steal further personal and financial information.

Sets of complete payment data, inclusive of a card’s CCV number, have been found on the dark web to buy for only $270. Once obtained, a scammer can use your financial information to make fraudulent purchases.

What should I look out for?

It is vital to monitor and identify any irregular activity on your credit card and report any unusual activity to your financial provider immediately. It is also important to be able to identify suspicious-looking emails — sometimes, phishing emails can be very convincing.

If you receive questionable emails, report them to the suspicious email reporting service at the UK Government’s National Cyber Security Centre.

What action can I take?

If your SafeWeb data breach notification reveals that your card details are on the dark web:

  1. Contact your bank or credit card company to cancel your card and get a replacement.
  2. Monitor your account closely.
  3. Report any suspicious activity to your financial provider immediately.
How can I prevent this in the future?

Cybercriminals often use hacking techniques to steal financial information. Common techniques include:

  • Phishing – an unsolicited email impersonating a financial institution. They’ll ask for your financial data.
  • Malware – a cybercriminal will trick you into downloading a virus that steals your data.
  • Skimming – a device on a card reader steals information when the card is swiped.

Reduce the risk of exposed card data by:

  • Being alert to suspicious emails.
  • Never handing out sensitive information unless it’s to a trusted source.
  • Being cautious when using public wifi.
  • Updating software and apps regularly.
  • Using a trusted VPN if possible.
  • Protecting hard copies of personal data – shred documents that contain your information and remove letters from letterboxes. You may wish to opt for paperless reporting where possible.
What does it mean if my personal records are on the dark web?

‘Personal records’ covers an array of information, including your:

  • Name and address
  • Date of birth
  • Mother’s maiden name
  • Driving license
  • Passport number
  • Phone number

If a cybercriminal gets hold of this data, they may use it to commit identity fraud. They can hack into online accounts or produce targeted phishing scams. The more pieces of personal information that are exposed, the more sophisticated the fraud or phishing scam is likely to be.

What should I look out for?

Sometimes, cybercriminals can gain access to your online accounts by using knowledge of your personal data. Monitor your financial accounts, such as your bank account, for irregular activity. If you do notice unusual activity, report it to your financial provider immediately.

Exposed phone numbers may result in phishing phone calls or text messages. Scammers will call, claiming to be from a trusted institution (such as your bank), to get sensitive information from you. Phishing texts, similarly to phishing emails, persuade you to click on an unsafe link that can download viruses on your device and steal sensitive information.

You can report suspicious phone calls or texts directly to your phone provider.

What action can I take?

If your SafeWeb notification reveals exposed personal records have been exposed, take the following steps:

  1. Report any suspicious bank account activity to your financial provider.
  2. Report any suspicious calls or messages to your telephone provider.
  3. Consider removing your phone number from the national directory by calling your telephone provider.
  4. Apply for a replacement passport if a passport number was exposed.
  5. Shred any hard copy documents that contain sensitive information.
How can I keep my personal records secure in the future?

You can reduce the likelihood of further incidents involving exposed personal records by:

  1. Never giving out any personal or financial information over the telephone.
  2. Getting a locked postbox and shredding documents that contain sensitive information.
  3. Opting for paperless delivery wherever possible.
  4. Updating your phone or device apps and software regularly.
  5. Using 2-factor authentication wherever possible.
  6. Minimising the amount of publicly-available personal information that is publicly available by removing your phone number from the national directory and opting out of the electoral roll open register.
What happens if my social media information is on the dark web?

Social account information can give cybercriminals access to your social media platforms. If somebody hacks your account, they may use it to send phishing scams to your contacts. Not only does breached social account information put you at risk, but it can put your friends and family in the firing line, too. Your contacts may be more likely to open direct messages and share sensitive information or download because they think the message is from a trusted friend: i.e. you.

What should I look out for?

It is vital to monitor and identify any irregular activity in your social media accounts. This could include not being able to log in, seeing posts that you didn’t create or messages in your sent box that you didn’t write. Report any unusual activity to the host website.

A contact may alert you, saying they received an unusual message from you.

What action can I take?

If your Dark Web Activity Notification reveals that social account information has been exposed:

  1. Change your password to a new, strong password. Choose one that is long, contains both upper and lower-case letters, numbers and symbols. Make sure it doesn’t contain any easily-guessable personal information such as your name or birth date.
  2. If you use the breached password for any other accounts, change those too.
  3. Monitor your social media account closely for any unusual posts or activity. You might want to reach out to friends and family to see if they’ve received any messages from your account.
  4. If you do see suspicious activity on your account, report it to the host website as soon as possible.
How can I prevent this in the future?

The most common way hackers obtain social account details is through stealing the information whilst you are online. They can disable your antivirus software whilst doing this.

To reduce the likelihood of further incidents of exposed social account information:

  • Regularly change your passwords
  • Make sure passwords are strong and unique and don’t contain easily-identifiable personal information
  • Use a password manager where possible
  • Do not write passwords down, or share them with anyone
  • Use two-factor identification where possible
  • Be cautious when using public wifi as these networks may not be secure
  • Update software and apps regularly
  • Consider using a trusted VPN

Take action today to protect your data.

Take action today to protect your data.

Enter your email address to take action.