What to do if your phone number is on the dark web
The “dark web” already sounds ominous enough. Finding out your phone number is on the dark web is a whole other level of scary. Read on to learn what to do if your phone number is up on the dark web. But first, how can you be sure your phone number is on the dark web? What even is the dark web?
What is the dark web and how is it different from the deep web?
The dark web is often described as those parts of the internet that require special software to access. This is only partly right, here’s a rundown. The clear or surface web is where you’re reading this article, it’s the collection of websites that get indexed by search engines. You use special software—your browser—to access it.
The deep web is everything that search engines can’t reach, like your emails, your company’s internal files, and anything else that’s online but not discoverable. The dark web is generally used to describe those parts of the deep web that are only accessible on the Tor network, using the Tor browser.
There’s nothing inherently bad or scary about the dark web, but it’s true that bad and scary people are drawn to it more than regular folks. The dark web is about as close to an anonymous network as we’ve seen. Among the many crimes that are committed there, the sale of and trade in personal data is particularly popular.
There’s no shortage of dark-web marketplaces and forums on which credit card numbers, Social Security numbers, and other stolen personal data are sold, traded, and shared. So you’re not wrong to worry if your phone number is doing the rounds on these dark-web sites.
Can your phone number be found on the dark web?
Are you sure your phone number is really available on the dark web? If you subscribe to a reputable dark-web monitoring service and you receive an alert, then your phone number probably really is on the dark web. It’s not recommended that you journey to the dark web to find out for yourself.
Instead, you can try the oddly named but reliable website HaveIBeenPwned.com. You can search for each of your phone numbers and email addresses one by one to see if any of them have been involved in data breaches. The website might not be up-to-the-minute, but its results are reliable.
What’s the danger if your phone number is found on the dark web?
First of all, don’t panic if your phone number appears on the dark web: it may “only” be part of a dump of millions or hundreds of millions of users’ data that got exposed through a data breach. In some cases, all the hackers get is a list of phone numbers or email addresses that aren’t associated with their owners’ names.
Having your personal information online is never a good thing, but it’s important to keep things in perspective. There’s likely already a ton of your sensitive data floating around online. Companies called data brokers specialize in collecting, repackaging, and selling or sharing your data for profit.
As scary as having your phone number found on the dark web is, there’s probably a whole lot more of your personal information on data broker and people search sites on the surface web. Search online for your name, phone number, and address and see what comes up.
You can get your personal data off of these sites by manually going through each company’s opt-out procedure. We’ve prepared detailed guides for you to do this yourself, but you might find an automated personal information removal service like Incogni to be well worth the outlay.
In the meantime, this is what you might expect if your phone number appears on the dark web:
An uptick in scam and phishing calls
A sudden increase in the number of unwanted calls you receive is typical of your number having been included in a data breach, telemarketing call list, or published on the dark web. These calls are likely to be from people fishing for more of your sensitive information (known as “phishing”) or trying to scam you outright.
A flood of scam text messages
Similarly, you might start to get inundated with spam and scam text messages. The authors of these messages often try to imitate legitimate businesses, and some might even try to imitate your boss, coworkers, or family members. We’ve prepared a series of scam alert articles describing how to identify and deal with messages like these.
Losing control over your phone number
You might find that your SIM card or eSIM is suddenly no longer recognized by your phone, leaving you with the “emergency calls only” warning instead. This is more than a sign that your phone number has ended up on the dark web, it might indicate that you’ve been “SIM-swapped.”
SIM-swapping is an illegal activity in which someone other than the owner of a phone number contacts the carrier and convinces it to reroute that number to another device. Your original SIM getting deactivated can be a side-effect of this process.
Angry messages and calls from random people
Another side-effect of being SIM-swapped or having your phone number spoofed is a sudden spike in angry calls and texts from either random strangers or your friends, family, and coworkers. If this happens, it may mean that scammers are using your number to try to defraud people.
Loss of access to your accounts
You might find that you’re logged out of some of your online accounts. If your account information is already public or easy to guess and your passwords are weak or reused between accounts, then SIM-swapping your phone number may well be the final piece of the puzzle for someone trying to access your accounts.
A sudden increase in people looking you up online
This is something that you probably won’t have any way of detecting, but if someone gets your phone number off the dark web (or anywhere else), they might start looking you up on people search sites and other data brokers’ websites. Cybercriminals know the value of personal details, and online searches are an easy way for them to find what they need.
There’s basically nothing you can do to get your phone number off the dark web, but there’s a lot you can do to protect yourself should your phone number fall into the wrong hands.
Start using a password manager and change your passwords
A phone number is most useful to a cybercriminal when they already have your passwords. The worst thing you can do is use weak passwords that are easy to guess or brute force. Equally bad is reusing passwords between online accounts. Even if the password you reuse is strong, all it takes is for one company to drop the ball and suffer a data breach—the first thing hackers do is try compromised passwords on all your online accounts.
So use strong passwords that are both long and complicated. Use unique passwords. This means one account per password. A password manager like NordPass or Bitwarden will make both generating and keeping track of all those passwords quick and easy.
Add MFA, but not SMS-based MFA
Two-factor authentication (2FA) or multi-factor authentication (MFA) provides an extra layer of security for your online accounts. Don’t use SMS codes for 2FA or MFA, though. If you get SIM-swapped, your attacker will have access to these codes as they come in. Instead, use an authentication app like Aegis to generate 2FA/MFA codes on the fly.
Protect yourself against SIM-swapping
Contact your carrier or visit its website to see what methods are available to protect yourself against SIM-swapping attacks. These will typically involve you setting an additional PIN code or password without which the carrier won’t transfer your number to a new device.
Change the PIN on your SIM
Oftentimes, your SIM card will have the option to set a PIN. If you already had a SIM PIN before your phone number appeared on the dark web, change it. Set a PIN on your SIM if you don’t already have one.
Keep an eye on your finances
Identity theft is an extremely unlikely outcome of just having your phone number on the dark web, but it’s better to be safe than sorry. Check your bank account or bank accounts for suspicious activity. Request a credit report or subscribe to a credit monitoring service if you have additional concerns about unauthorized financial transactions.
Be extra suspicious of calls and texts from unknown numbers
Knowing that your phone number is now public (whether because of the dark web or people search sites and other data brokers), you should be particularly wary of calls and texts from unknown numbers. Phishing scams can be extremely effective in drawing out personal information.
What happens if your phone number is on the dark web?
If it’s just your number that’s on the dark web, then probably nothing. You might find that you get more spam and scam calls and texts, but that’s about it. If more of your personal information is on the dark web (and clearnet—the regular HTTP internet), then you’re susceptible to more advanced phishing attacks, having your accounts compromised, and even having your identity stolen.
Can I remove my phone number from the dark web?
No, realistically you can’t remove your phone number from the dark web. It’s even less likely than it would be on the surface web, and it’s not recommended that you approach dark web webmasters to try. The dark web is a lawless place and engaging with users can end badly.
Should I be worried if my information is on the dark web?
Yes, you should be worried if your information is on the dark web. How worried will depend on what information is out there and the context in which it appears on the dark web. If it’s just your phone number that’s been published as part of a huge data breach, you should take precautions but everything should be OK.
If your information is part of a dossier that includes multiple pieces of personal data, then you should take immediate action to protect yourself against identity theft and other cybercrimes. The FTC’s (Federal Trade Commission’s) identity theft portal is a great place to start.
How do I remove my mobile number from all websites?
You probably won’t be able to remove your mobile number from all websites, but there’s a lot you can do to limit how and where it’s shared. Data brokers (including people search sites) are likely to blame for the bulk of the sites that are sharing or selling your mobile number. Opting out of data brokers is the best place to start.
You can approach data brokers individually, finding and following each one’s opt-out procedure, waiting for their confirmation emails and following any additional instructions they contain. The problem is this will take an estimated 300+ hours, and you’d have to do it all again a few times a year. Or, you could sign up for Incogni and let the automated personal information removal service do all this and more on your behalf.
Other than that, you can take steps to ask that webmasters pull your data from their sites and even request that Google and other search engines deindex websites that publish your mobile number. Incogni has prepared a detailed guide on how to do this and more, with clear, step-by-step instructions.
Can you remove your information from the dark web?
No, you generally won’t be able to remove your information from the dark web. You can protect yourself in other ways if your information is on the dark web, though. Enable two-factor authentication, use unique, complex passwords, and even request a credit freeze if you’re at risk of identity theft.
Can you be removed from the dark web?
No, your presence on the dark web is at least as permanent as it is on the surface web. You can close any accounts you have on the dark web and delete any content you’ve posted there, but anything that’s held on other people’s servers is likely to stay up for as long as they want to keep it there.
How do I stop my phone number from being displayed?
To stop your phone number from being displayed on a per-call basis, dial *67 before making each call. You can also block your caller ID on your Android or iOS smartphone or ask your carrier to hide your phone number on all outgoing calls.
How do I make my phone number unsearchable?
The only way to make your phone number unsearchable online is to get it off all of the people search sites and other data brokers that are listing it. You can do this manually, by approaching each data broker individually or by signing up for an automated personal information removal service like Incogni.
What if my SSN was found on the dark web?
Your SSN (Social Security number) being found on the dark web is a real cause for concern. Your SSN is a particularly sensitive piece of private information and can be used to commit financial fraud or even identity theft. Check out the FTC (Federal Trade Commission) identity theft portal to protect yourself.
Does the dark web track you?
No, the dark web is just a network and doesn’t track you. People and organizations on the dark web can track you, though. The dark web allows you to be much more anonymous than the surface web, but no network is completely anonymous and no security measure is truly unbreakable.
Why would someone be on the dark web?
There are many reasons for someone to be on the dark web. Yes, some users are there to purchase contraband or engage in other illicit activities, but many are there to circumvent government surveillance, contact journalistic sources anonymously, or just explore an alternative network to the World Wide Web.
Can websites access your phone number?
A website you visit using a privacy-respecting browser like Firefox can’t access your phone number unless you provide it directly to that website or to one of its affiliates with which it shares user data. There is a chance of a website accessing your phone number if you use something like Google Chrome on a smartphone, though.
To remove all accounts linked to your phone number, access each account and look for options like “delete data and close account” or simply “delete account” or similar. Follow the steps for each account to complete the account deletion process.
There are many ways to find out what accounts are linked to your phone number. If you used the “sign up with Google / Facebook / Twitter” option (not recommended), then you can review the given platform’s security settings to see which accounts are linked to it.
Otherwise, go through your password manager, search through your inbox for account verification emails, and check your browsers for saved login details. Check each online account to see if your phone number is linked to your profile. While you’re at it, delete accounts you don’t need anymore.