1. Scan Your Computer

We believe that starting with a virus  scan of your computer is the smartest thing to do when your email is  found on the dark web. Doing this before changing any passwords is the  safest possible course of action.

Why?

There is a long list of viruses that can all monitor your activity and log your keystrokes and passwords. This sort of thing has been around for a while.

If  you happen to have one of these forms of malware on your computer,  changing all your passwords will be a waste of time. Those will all get  logged as well.

This is why it’s crucial that you do a  double-check of the security on the computers you use to log in to  various accounts. Even if you’re someone who stays on top of this sort  of thing, all it takes is one virus to slip through the cracks.

You  probably have some sort of antivirus software pre-installed on your  computer already, so start with them. If you don’t, there are plenty of  free options to get you started. Kaspersky for PC and Avast for Mac are two great options.

Once  you’re sure that you don’t have any malware on your computer that’s  responsible for your email being found on the dark web, you can continue  on to the next step.

2. Step Up Your Password Game

This is the most common fix people think about when they find their email on the dark web. There’s a reason for this, it works.

Emails  found on the dark web are far more likely to be the victim of phishing  scams and hacks. These are far more likely to be successful when  passwords haven’t been changed, or if the same password is used for all  accounts.

**Quick tip** – If you want to create a password that’s as secure as possible it should have the following traits:

  • Be lengthy. 12-15 characters is a good target

  • Avoid using real words

  • Combine uppercase and lowercase letters

  • Add numbers and symbols

First,  you should deal with the email in question. You’ll want to change the  password you use to access it and consider setting up two-factor  authentication (more on that later). This is often the first place  attacks start when an email is found on the dark web, so it makes sense  to protect it first.

Then you’ll want to work your way down the  line of any websites or accounts tied to this email address. Each of  these will require a new password too.

If you want to play things  super safe you can create a separate password for each profile you  have. This will require you to use a password manager like 1Password or LastPass (unless you have a freakishly good memory).

If  you’d rather not go that route, we recommend coming up with two or  three passwords that you can remember on your own and spread those  across your various accounts and profiles. Then replace them every few  months.

3. Make A Garbage Email

During this stage, you  might want to consider creating another email account that can be used  for unimportant profiles. So many sites require a sign-up process these  days, and having them tied to your main email account isn’t ideal.

The  reason for this is if there’s a data breach on one of these unimportant  websites, your primary email won’t be found on the dark web. It’s way  better to have a burner email floating around than the account you use  for banking and other important tasks.

Another advantage of this  is it will save you time in the long run. If this garbage account is  truly tied to websites and profiles you don’t care much about, you can  always just scrap it and move on. You won’t need to spend a ton of time  going through each site and updating all passwords.

It might seem  like a pain to have multiple email accounts, but it’s really not that  much extra effort. It only takes a minute to create a new one, and the  additional security it provides makes the time spent a no-brainer.

Some people even run with three email accounts to protect their most important information even further.

This  will typically look like one primary account for business and banking,  another for personal correspondence and important accounts (like Amazon  or Facebook), and a junk account as a catch-all for what’s left.

This  means that your most important accounts are further protected from a  breach and if one of these emails is found on the dark web, there’s less  damage control you’ll have to do afterword.

4. Check On Your Financial Accounts

A Brief Panic Squelcher: This is rarely an issue for people with emails found on the dark web, but it’s smart to go through this process anyway. 

At  this point, you should’ve already updated the passwords tied to any  banking websites you use (and ideally set up two-factor authentication).

Now it’s time to take a closer look at your accounts.

Make  sure no money is missing and no strange activity appears to have  occurred. If you notice something, get in touch with your bank.

If  everything looks fine, check back in a week or two and verify. Then do  the same thing a week or two after that. Sometimes hackers will wait a  while before they try to sneak in a purchase or two.

If you want  to check on your financial accounts but don’t feel comfortable using  your computer yet (maybe you found a virus that hasn’t been cleared out  yet), you’ll want to be careful accessing your account.

Assuming  you have a smartphone with a data plan you can use that to access your  accounts with little risk. Disconnect your phone from your wifi network  and use your data plan to access your accounts. Doing this won’t use  much data and will prevent you from potentially using a compromised wifi  connection.

5. Practice Smart Transaction Habits Going Forward

You should be doing this in general, but having your email found on the dark web means it’s time to be extra diligent.

Only make purchases on websites that are trustworthy and reliable. While there’s no foolproof site or company to buy from online, but doing this will help reduce risk significantly.

Websites  that don’t have “HTTPS” at the beginning of their URL should be ignored  immediately (you can check this by looking at the address bar in your  browser). It doesn’t if they have the coolest jeans in the world on  their site, it’s simply not safe.

If you do this you’ll be far  more likely to have your information protected when you make purchases  online, and the chance of your email showing up on the dark web will  decrease significantly.

6. Try Two-Factor Authentication

If  your email has been found on the dark web it’s probably a smart idea  for you to use two-factor authentication for your most important  accounts. Two-factor authentication adds an extra layer of security and  makes it significantly harder for a hacker to gain access.

Here’s how it works:

Usually, you enter your email address and password to log in to an account online. That’s all it takes.

With  two-factor authentication, you add one very important step to the  process. After you submit your standard information you’ll need to  verify the login attempt. This is typically done by receiving a text  message with a random code you’ll need to enter to access your account.

This prevents a third party from gaining access to your accounts, even if they have your email and password.

You’d  be surprised how many websites can be tricked into giving out access to  your account to someone even if they only have your email address. This  is why it’s important to do all of the recommended steps if your email  is found on the dark web.

7. Opt Out From Data Brokers And People Search Sites

This is one method that gets overlooked far too often, and it’s a huge shame.

Because this is probably one of the most common reasons why people end up finding their emails on the dark web.

Data brokers and people search sites like Whitepages and FastPeopleSearch exist solely for the purpose or sharing your info (like your email).

These sites then get scraped by spammers and hackers to build massive databases of info they can abuse.

This means you need to get your info off of them ASAP.

You can do this by manually opting out of each site (which will take a little time) or by doing it automatically. These sites legally have to honor your request for removal, so it’s only a matter of submitting them.

No  matter which method you go with, you should get started as quickly as  you can. The sooner your sensitive information is off the web for anyone  to look up, the sooner you can relax.