Have you been hacked? Experts reveal the tell-tale signs
Cybersecurity fears have increased in the wake of the global takedown of “Amazon of crime,” the Genesis Market.
The online sales site – which offered scam victim IDs for as little as 50p (75c) – was unknown to most computer users until yesterday.
Alarming details released by the UK’s National Crime Agency have sparked concern after millions of victims put their data up for sale.
They include online banking, Facebook, Amazon, PayPal and Netflix account details, as well as digital fingerprinting with data from mobile devices.
But online security experts say there are a number of ways people can stay safe — and recognize the signs that they may have been compromised.
Vonny Gamot, Head of EMEA, at online security firm McAfeetold MailOnline, “Regularly check your accounts for unknown or unauthorized activity, such as attempted logins, messages sent from your account, or transactions you did not make.”
Vonny Gamot, head of EMEA at online security company McAfee, has provided cyber advice
Visitors to the Genesis marketplace today are greeted by this post-removal splash page
“If there is anything suspicious, report it immediately.
And watch out for phishing attacks. This could be an email or text message directing you to a bogus site designed to steal your personal information – either by tricking you into providing it or stealing it without your knowledge.
“It’s always wise to keep a skeptical eye on unsolicited messages that ask you for information in some way, often in a way that urges or pressures you to act.”
The Genesis Market operated through a group of attackers who created a program that infected millions of users around the world to collect their data.
Those who wanted to use Genesis could only join by invitation of an already established member.
The references were offered for sale in some places on the internet for around £25.
The marketplace could be found using normal internet search engines, as well as on the dark web, and users were provided with step-by-step guides on how to purchase stolen data and use it for fraud.
The site included easy-to-follow instructions telling offenders how to impersonate their victim, bypassing banking systems that require biometrics.
It even advised how to buy bitcoin to avoid tracing transactions from law enforcement.
Sales data includes account logins, passwords, cookies, search history, and auto-populated form data that allowed fraudsters to build a detailed picture of their prey.
Perpetrators were also able to infiltrate victims’ computers to install secret malware that notified them in real time if their target changed their passwords.
Armed with the information, fraudsters could empty bank accounts, spend money en masse or steal valuable data to blackmail victims into handing over even more money via ransomware.
Vonny added: “If you think you might be a victim or if you’re generally concerned about protecting your online privacy and identity, there are some simple steps you can take to protect yourself.
‘Strong and unique passwords are a must, so never reuse a password for multiple accounts, apps and platforms.
“Using a password manager helps you keep track of everything while securely storing your passwords.
While a strong and unique password is a good first line of defense, enabling two-factor authentication for all your accounts provides an extra layer of protection for your privacy and identity.
Regularly check your accounts for unknown or unauthorized activity, such as attempted logins, messages sent from your account, or transactions you did not make.
If there is anything suspicious, report it immediately.
And watch out for phishing attacks. This could be an email or text message that redirects you to a bogus site designed to steal your personal information, either by tricking you into providing it or stealing it without your knowledge.
It is always wise to be skeptical about unsolicited messages that ask you for information in some way, often in a way that urges or pressures you to act.”
Members of the audience can click here to find out if their credentials are on Genesis.