What Happens If Your Phone Number Is Found on the Dark Web?
For one Norton, Massachusetts woman, a leaked phone number led to the theft of thousands of dollars from her online bank account [*]. The scam unfolded with a phone call and ended with a hacker gaining remote access to her device and accounts.
It’s not unusual that the hacker was able to get ahold of the woman’s phone number and information in the first place. Significant data breaches happen multiple times each day.
In fact, there were 1,862 publicly reported data breaches in 2022 — the highest number ever in a single year [*]. These leaks resulted in the online exposure of personal data from 422 million individuals.
When breaches happen, the information stolen almost always makes its way to the Dark Web. Here, hackers and cybercriminals buy, sell, and trade various forms of identification, along with bank account numbers, credit card numbers, and phone numbers.
How To Find Out If Your Phone Number Is on the Dark Web
In basic terms, the internet includes the surface web — accessible with search engines — and the deep web — inaccessible with search engines [*]. Nestled within the deep web lies the Dark Web, a part of the internet that runs through nodes and networks called darknets. To navigate these depths, you need special software.
The Dark Web requires anonymizing browsers, such as the Onion Router (Tor). These browsers use unique routing and encryption techniques to mask user locations and activities.
While the Dark Web provides user freedom and privacy, it's also home to illicit activities, criminals, and illegal forums and marketplaces. Largely protected from detection and prosecution, Dark Web users can freely peddle stolen goods and data — including your phone number.
You may never know for sure where your phone number sits on the Dark Web, but there are ways to check if your information was leaked or breached at some point.
- Aura’s 24/7 Dark Web monitoring service. Most free Dark Web scanners only search for exposed passwords, but Aura's Dark Web monitoring service provides complete identity theft protection. Aura runs continuous Dark Web scans and sends notifications if your Social Security number (SSN), driver’s license, or phone number pop up.
- Aura’s free leaked password scanner. While Aura's free scanner checks for compromised email accounts and passwords, phone numbers often get leaked at the same time. You can cross-reference these leaks with the original data breach announcements to see what other information might have been leaked.
- Identity Guard’s Dark Web scanner. Identity Guard’s free Dark Web scanner combs through the Dark Web for leaked information related to your email. You can find out where and when the breach took place, and then investigate what other information was connected to that account.
- HaveIBeenPwned. On HaveIBeenPwned, you can search your email address to see if the account and passwords were leaked. You can also search your phone number to see if it was one of the 500 million accounts involved in the Facebook breach [*].
- WeLeakInfo. For a fee, WeLeakInfo lets you search more than nine billion leaked records for your phone number, email address, and username.
Any personal data on the Dark Web puts you at risk of identity theft and financial fraud. The more information that cybercriminals have on you, the easier they can target you with hacks and ID theft.
What Can Happen If Your Phone Number Is Found on the Dark Web?
Discovering your phone number on the Dark Web may be unsettling — but it is, unfortunately, not uncommon. In the final quarter of 2022 alone, nearly 81 million accounts were leaked online [*].
Still, you need to respond quickly to a breach because a leaked phone number can have seismic consequences. Here are some things that cybercriminals can do with your number if it ends up on the Dark Web.
- Target you with phone scams
- Take over your phone number with a SIM swap
- Mine more sensitive data about you
- Send you text message scams
- Spoof your phone number
- Intercept 2FA codes
- Dox or blackmail you
1. Target you with phone scams and phishing calls
Scammers only need a phone number to propagate their scams and phishing schemes. They may pose as FBI or IRS agents in attempts to steal your money or personal information. Other phone scams involve car warranties or promises of free vacations and iPhones.
The more of your personal information that a scammer has, the harder time you'll have spotting the scam. If you notice an uptick in these types of calls, it may be time for a new phone number.
How to protect yourself:
- Block or ignore calls from unknown numbers. Use the built-in spam-blocking features on your phone to silence unknown callers. You can also ignore unknown numbers and let them go to your voicemail.
- Never respond to or call back unsolicited calls or robocalls. Talking to scammers gives them the chance to clone your voice for future fraud [*]. Even saying "yes" can help them infiltrate automated systems.
- Know that government agents won’t threaten or harass you. Phone scammers try to create a sense of urgency by wielding threats. When in doubt, ask for a reference number or extension, and then hang up and call the agency back on their official phone number.
📚 Related: How To Identify a Scammer on the Phone (10 Warning Signs) →
2. Take over your phone number with a SIM swap
SIM swapping occurs when hackers take over your phone number by tricking your phone provider into rerouting your number to their device. They can then access your email addresses and other online accounts, including social media, photos, and bank accounts.
How to prevent SIM swaps:
- Set up authentication barriers. Many phone service providers allow you to create a unique passcode that verifies your identity. You can also set up two-factor authentication (2FA) on your accounts to add an extra security layer.
- Change your SIM PIN. SIM cards come with PIN numbers, which you use to unlock them. While you can disable these PINs and leave them as is, you should change the PIN to a new number [*].
- Use an alternate number or email. Avoid using your primary number for all transactions and account recoveries. Instead, use alternate emails and aliases. You might also get a burner or temporary phone number to use on these occasions.
3. Mine more sensitive data about you to steal your identity
If scammers can obtain your phone number from the Dark Web, there's no telling what else they might find. Scammers can use your personal data to mine recent data breaches or data broker lists for more information. They could scrape your address, driver’s license, or even your SSN.
How to protect your information:
- Opt out from data brokers. Many data brokers let you opt out of data collection and sharing. Search for your information on their sites and submit an opt-out form (often found in privacy policies or website footers).
- Limit what you post online. Minimize your digital footprint by only sharing necessary information. Clean up your social media accounts, avoid location sharing, and adjust the privacy settings on your devices and apps.
- Practice safe browsing. A virtual private network (VPN) masks your IP address and encrypts any personal information shared from your device or network. You should also only visit and share information on HTTPS websites that display the padlock icon.
📚 Related: What Is VPN on iPhones? Why You Need It & How To Turn It On →
4. Send you text message scams
At least 78 billion robo texts were sent between between January and June of this year [*]. SMS phishing or "smishing" scams dominate the landscape — with social engineering scammers posing as the government or companies that you know and trust, like the IRS, Amazon, or Netflix.
How to avoid text message scams:
- Spot the red flags. Text message scams often conjure a sense of urgency. You may be asked to update account information in order to avoid an account termination. These texts usually feature an impersonal greeting, request money or information, and include a strange link — all without preamble.
- Do not respond. You're better off disregarding or blocking these messages altogether. Responding with a "No" or "Stop" only confirms that you may be a pliable target. Whatever you do, never click on a link.
- Consider spam text protection. Many mobile carriers allow you to report text messages as spam. Aura's spam message protection goes a step further by filtering known spam numbers and scanning links for malware.
5. Spoof your phone number when scamming other people
Scammers may spoof your phone number for several reasons, but they usually do it to pose as a caller from a local number.
According to a 2022 report from Truecaller, 51% of Americans reported an increase in the number of calls that they received with spoofed numbers [*]. For you, the implications may include irate return callers, your number being blocked, or your friends and family conned.
How to prevent number spoofing:
- Contact your carrier. While they may not have the power to stop a scammer from spoofing your number, you should still file a complaint with your mobile carrier. If your SIM or bill is affected, this complaint could be your recourse.
- Limit outgoing calls. Depending on your device, you may block certain outgoing calls. For example, your iPhone can restrict outgoing calls to only your contacts [*].
- Change your phone number. If the effects of spoofing persist, your only option may be to switch numbers.
6. Intercept 2FA codes and gain access to your online accounts
Although 2FA generally makes accounts more secure, they may be compromised if your phone number is freely available on the Dark Web. Identity thieves can intercept 2FA messages sent to your number and then muscle into your accounts.
How to combat 2FA interceptions:
- Use strong, complex passwords. Before hackers use your 2FA message, they need to crack your password. Prevent this by creating unique passwords that combine multiple words, numbers, uppercase and lowercase letters, and symbols. Use a password manager such as Aura’s to help you manage all of your passwords safely.
- Consider an authenticator. An authenticator app won't use your phone number for 2FA. Instead, the app generates a code on your device without needing internet or mobile service.
- Add another authentication method. Turn 2FA into multi-factor authentication (MFA) by adding another verification method or device. For example, you can add an alternate email address or phone number for additional security.
7. Dox or blackmail you
If your phone number is in the wrong hands, your identity and sensitive information could follow. Scammers and hackers could use your number to access your cloud accounts, which might hold private photos and details about you. They could then threaten to reveal your identity or information unless you pay a ransom.
How to stop doxxing and blackmail:
- Make your online accounts private. Anything personal that you post can be used against you. Protect your accounts and posts by privatizing them. Audit your contact lists, as well, to limit who sees what you post and share.
- Report content to Google. While this may not scrub your data from the internet completely, you can request that Google remove revealing or dangerous information from its search results [*].
- Adjust your security questions. If your cloud-based storages use security questions, make sure the information can't be found online or guessed. You may even consider using fake answers to trick hackers.
Was Your Phone Number Leaked to the Dark Web? Do This
You're better to assume the worst if your phone number was found on the Dark Web. Work on the assumption that most of your sensitive information was also compromised. Take action and protect yourself with the following steps:
- Change your passwords. Fraudsters and hackers are almost always looking to access your online accounts (social media, online banking, email, etc.). You should update your passwords as soon as you find out that your information was leaked. Make sure each password is unique, complex, and long. Here are some actionable ways to create (and remember) passwords that hackers can’t crack.
- Enable 2FA on all of your online accounts. Hackers can use vulnerable accounts as gateways to trawl even more of your personal data. It might seem like an inconvenience, but 2FA adds a significant security improvement to your accounts.
- Lock your SIM card. Locking your SIM card prevents others from using it for calls or data unless they have the PIN. You can lock your SIM through your carrier or Android/iPhone settings.
- Freeze or lock your credit file. Freezing your credit prevents anyone from accessing your credit — even you. You will need to lift the credit freeze before any lenders can open a new credit card, loan, or line of credit in your name.
- Review your account statements and credit report. Regularly check for swings in your credit score, suspicious activity, and unfamiliar new accounts. You can get free credit reports yearly (and weekly until the end of 2023) from the three main credit bureaus — Experian, Equifax and TransUnion — by visiting AnnualCreditReport.com.
- File a report with the FTC and any other impacted organization. You can file a complaint with the Federal Trade Commission (FTC) at identitytheft.gov or reportfraud.ftc.gov. If you know of an organization or business that completed an account setup or purchase in your name, alert them directly, as well.
- Set up a spam and scam call blocker on your phone. Contact your mobile carrier to learn what spam and scam protection they offer. Android or iOS devices also have built-in settings that can help.
- Use Safe Browsing tools to protect against phishing attacks. Modern web browsers have enhanced security tools to make your browsing more secure. For example, you can use the “strict” browsing settings in Mozilla Firefox, found in the privacy and security settings. Google Chrome offers “Enhanced Browsing” in its privacy and security settings.
- Consider signing up for identity theft protection. An identity theft protection service like Aura can send you alerts the moment that a threat to your identity is detected. Aura also provides 24/7 U.S.-based fraud resolution support, along with identity theft insurance coverage for every adult on your plan.
- Check for compromised passwords. If you use Google Chrome, the browser’s password manager can automatically check for weak or compromised passwords. iPhones provide compromised password detection in the password security settings, too.
Can You Delete Your Phone Number From the Dark Web?
Unfortunately, once your phone number or other personal information has made its way to the Dark Web, there's virtually no way to remove it. That's why preventative and protective measures play such an important role in identity theft security.
Instead of trying to delete your phone number from the Dark Web, the best thing you can do is understand what information has been compromised and bolster your cybersecurity measures to defend yourself.
How To Keep Your Personal Information Off of the Dark Web
Never has it been more important to protect yourself and your family online. Data breaches are at unprecedented levels, artificial intelligence is wreaking havoc, and scammer tactics have become increasingly sophisticated.
This puts everyone at risk of having their personal information leaked to the Dark Web. Employing a few key tactics can help keep your information safe online:
- Boost your account security with stronger passwords, multi-factor authentication, authentication apps, and security questions. Consider using a password manager to maintain unique passwords for each of your accounts and reduce how much you actually need to remember.
- Limit the amount of information that you share online. Scrub your social media accounts of any personal information, and delete accounts that you no longer use. You might also think twice about displaying your phone number, address, and email addresses on public accounts.
- Keep certain types of information to yourself. You should only provide your driver's license and SSN in extreme cases. Most organizations have a workaround for people who prefer not to share these documents online.
No single step can keep cybercriminals at bay. The most effective way to stay safe is by using a multi-point security package.
With Aura, you benefit from comprehensive identity theft protection, which features 24/7 Dark Web monitoring and alerts.
Every Aura plan also includes antivirus protection, Safe Browsing tools, and three-bureau credit monitoring with the fastest and most reliable fraud alerts. If something should go wrong, Aura provides reassurance with round-the-clock customer support and a $1 million identity theft insurance policy.