Criminals can use your sensitive data found on the dark web to create customized phishing attacks and even steal your identity. But how would you know if you Personal numeric code or other valuable information reside there?

You probably won’t go on the dark web and check for yourself. The dark web, sometimes called the dark web, is the part of the internet that you can’t find through conventional search engines. To get there, you need what’s called an anonymized browser and a specialized search engine.

“It’s very scary down there,” said Rajiv Kohli, a business professor at William & Mary. Kohli specializes in cyber security research and the dark web — and, yes, he’s been on it.

Signing up for an identity theft protection service is one of the best ways to find out if your sensitive data is on the dark web. But she is not sure. Troves of information are added to the dark web after data breachesso it can be difficult for services to keep up.

The truth is, you can never be sure if your private data is in the hands of cybercriminals. But there are some giveaways that your personal information can be available to identity thieves.

Aura can let you know if your data is on the dark web

Is my personal information on the dark web?

So how can you tell if your personal data is on the dark web? There are several signs you will want to look for.

Random emails, texts and phone calls

Everyone gets these and they are not automatically a sign that your information is on the dark web. However, it is a possibility. Kohil says that if you’re getting a lot of spam emails, calls and spam messages, “it’s probably because someone purchased a list to run some kind of financial scam, and your information was on it.”

Unknown purchases on your credit card

Your Spidey senses should start to tingle if this happens to you. “Even if they’re small, it could be because someone purchased your credit card number from a list of hundreds of credit card accounts that are being sold for as little as five cents apiece on the dark web,” says Kohil. Your bank will normally send you a new card after suspicious purchases are identified or reported.

You are locked out of your bank account

It’s one thing if you’ve forgotten your password and guessed too many times for your bank’s comfort. But if that’s not the case and you’re feeling stuck, it’s possible that someone else has tried to sign in to your account too many times.

Strange health insurance claims

If you receive medical bills for procedures you never had, call your health care provider or your insurer right away. If medical claims that should have been accepted are denied because of the use of benefits, the be an ominous sign. Medical identity theft is a real problem, although it is rare (less than 1% of identity theft is medical, according to the latest Bureau of Justice Statistics).

Unauthorized login or password changes

If you have just changed your bank password, you will receive an alert. But if you get an alert that your bank password has been changed and you know you haven’t, that’s a major red flag. The same goes for any email you receive about unrecognized login activity with your account.

How this can lead to identity theft

If your personal information, such as your name, phone number or email address, is on the dark web, you will be more vulnerable to identity theft and online scams. If a cybercriminal has some of your personal information, they will be able to create a believable scam more easily than if they approach a complete stranger.

Most commonly, identity thieves will find passwords and login on the dark web. There are many dark web sites with lists of usernames, emails and passwords suitable for different sites. Cybercriminals use them for credentials stuffingwhere they try your password from one site on a bunch of other sites, according to Andrew Wolfe, director of the cybersecurity program at Loyola University of New Orleans.

It’s less common for your credit card or government ID information to be openly posted on the dark web, he said. So if your driver’s license has been stolen, that information probably won’t be openly available on the dark web for your identity thief to see.

But don’t expire yet. A stolen driver’s license or social security number won’t be openly available on the dark web because it’s more valuable, Wolfe said. “Cybercriminals will offer them for sale on dark web sales sites.”

At the same time, you probably don’t want to be too scared when you think of the dark web. Not all of your information found on the dark web is too useful for bad actors.

“Usually we worry that highly sensitive information has been exposed and that cybercriminals intend to use some of your information to destroy your life. This is an exaggeration,” Wolfe said. “The dark web has a lot of data, like your 2013 password for a yoga newsletter. I mean, most of these are mundane.”

What you can do if your personal data is on the dark web

If you discover that your personal data is on the dark web, there is not much you can do. It’s out there and may have already been sold multiple times. However, there are preventative measures you can take to minimize the consequences.

Sign up for identity theft monitoring

With data breaches happening more often, it’s difficult to prevent your information from falling into the wrong hands. But you can keep a pulse on your data with an identity theft monitoring service.

“It’s extremely valuable to have some sort of dark-web monitoring service,” Wolfe said. “Many banks, credit unions and other financial services companies offer these.”

For example, Chase Credit Journey and Capital One’s CreditWise offers absolutely free dark web surveillance. Same with credit bureau Experian. However, these free services lack the digital security tools and advanced monitoring and restoration services offered by many paid services.

Aura can let you know if your data is on the dark web

Paid services ca Aura and Lifelock offer more comprehensive coverage and typically range from $7 to $15 per month for individual accounts.
If your identity theft protection service tells you an account has been compromised, Wolfe suggests closing the account or at least changing your password.

Freeze your credit

You can freeze your creditso that no one can open loans, credit cards and other credit-based accounts in your name. But it also prevents you from opening a new account unless you temporarily or permanently unblock your credit.

Credit freezes always sound good in theory, but they can be a hassle to manage. But if your information is on the dark web and a credit freeze gives you peace of mind, you can do it online at each of the credit bureau websites.

A credit freeze is also not a complete solution to identity theft. For example, if you freeze your credit, they won’t be able to take out a new loan, but if they already have your current credit card number, they could still make unauthorized purchases. And because banks don’t always do a credit check when you open a new bank account, someone could still open a checking or savings account in your name.

Change your passwords regularly

The best passwords are complicated. “Any password that’s easy for you to remember is easy for a cybercriminal to guess.” Wolfe said.

He adds that “with such hard passwords, no one can reliably memorize and use more than one hand. But no realistic person expects you to. Basically, everyone needs a password manager.”

He also warns you not to answer your password recovery questions correctly. Hackers likely know your former street name, teacher and pets, Wolfe said. So you’ll want to answer these questions differently to prevent anyone but you from logging in.

Review your bank statements

It may seem like a routine fix, but reviewing your bank statements each month can help you watch for potential red flags, according to Robin Chataut, assistant professor of cybersecurity and computer science at Quinnipiac University.

“Regular monitoring of financial statements and credit reports can help you identify any unauthorized activity early,” he says.

Look for any charges you don’t recognize or even deposits that didn’t come from sources you know.

How to report identity theft or fraud

If a data breach leads to fraud or identity theft, contact your credit card company, bank or lender, as well as the three major credit bureaus.

If you’ve signed up for identity theft protection with white glove service restoration, the company should also assist you with these steps and help you fight improper charges. You’ll also want to notify the Federal Trade Commission.

“If identity theft is suspected, it is important to report it to the relevant authorities, such as the US Federal Trade Commission, not only to protect yourself, but also to prevent further occurrences,” Chataut said.

To report fraud or identity theft to the FTC, visit IdentityTheft.gov or call 1-877-438-4338.