SENSITIVE information like your credit card number and bank account details could be for sale on the internet's dark underbelly.
The dark web is the part of the internet that isn't indexed by search engines.
It can only be accessed using a special browser called Tor, short for The Onion Router.
Popular media paints it as a haven for criminals, rife with illegal activity - and while the image is dramatized, there is some truth to it.
The dark web, much like the publicly accessible Clearnet, is full of forums where hackers meet to share stolen data.
Cybercriminals often try to profit from data breaches, and the information - credit card numbers, login credentials, and more - can sell for tens of thousands of dollars.
In May, a group called ShinyHunters claimed responsibility for a TicketMaster hack that of more than 500 million account holders.
ShinyHunters attempted to sell this information for $500,000 on a dark web forum, though it is unclear if the group ever made the sale.
Since the dark web is unindexed, these shadowy forums won't appear in a simple Google search.
This makes it difficult to tell if your information has reached the internet's furthest-flung corners.
Most read in News Tech
The best way to be sure is to sign up for dark web monitoring, a service offered by professional cybersecurity companies.
By comparing your information to information on the dark web, these companies can determine if you've been included in a data breach.
Companies will also notify you if they believe your credentials have been exposed. TicketMaster, for one, sent out letters to millions of customers last month.
If you're unsure of the extent of the damage, carefully monitor your accounts for suspicious activity, which may come in the form of unfamiliar purchases or frequent log-in attempts to your accounts.
If you're unlucky enough to have been included in a data breach, begin by changing your passwords immediately.
A secure password is at least 16 characters long and uses a hearty mix of uppercase and lowercase letters, numbers, and symbols.
You should also enable multi-factor authentication (MFA) wherever possible.
MFA requires you to prove your identity in two or more ways before accessing your accounts.
This may entail sending a passcode to your phone or email address or using a biometric identifier like a fingerprint.
If your information has been found on the dark web, you may be a victim of identity theft.
It is a good idea to place a fraud alert on your credit report to prevent criminals from opening credit accounts or taking out loans in your name.
If your Social Security number has been compromised, claim it on your as soon as possible.
You should lock your Social Security number, which will prevent anyone—including yourself — from changing or accessing your Social Security record.
READ MORE SUN STORIES
This makes it difficult to borrow money or get a new job.
To avoid the headache, you must act to secure your information as soon as you learn you're a victim.
How are scammers finding my number?
Here Mackenzie Tatananni, science and technology reporter at The U.S. Sun, breaks down ways a scammer may get your information.
Scammers commonly get phone numbers from data breaches, which occur when a hacker accesses a private database - often those maintained by companies like service providers and employers.
This information may be shared and circulated online, including on the dark web, where there are forums dedicated to sharing leaked information.
Another common technique called wardialing employs an automated system that targets specific area codes.
A recorded message will instruct the listener to enter sensitive information, like a card number and PIN.
There is also a far more harrowing possibility: your phone number could be listed online without your knowledge.
Data brokers are hungry to buy and sell your information. These companies gather information from various public sources online, including social media and public records
Their primary goal is to build databases of people and use this information for tailored advertising and marketing.
Much of this information ends up on public record sites, which display information like your phone number, email, home address, and date of birth for anyone to see.
In the United States, these sites are legally required to remove your information if you request it.
Locate your profile and follow the opt-out instructions, but be warned - these sites do not make it easy and intend to frustrate you out of completing the deregistration process.
For simplicity's sake, you can also use a tool to purge your information from the Internet.
Norton offers one such service. Called the Privacy Monitor Assistant, the tool finds info online and requests removal on your behalf.
It is also possible that your phone number may be linked to a social media account and publicly displayed on your profile - this happens quite frequently with Facebook.
Be sure to review your privacy settings and confirm this information is hidden away from prying eyes.