Have you been hacked? Experts reveal the tell-tale signs

Australia
By William

Cybersecurity fears have increased in the wake of the global takedown of “Amazon of crime,” the Genesis Market.

The online sales site – which offered scam victim IDs for as little as 50p (75c) – was unknown to most computer users until yesterday.

Alarming details released by the UK’s National Crime Agency have sparked concern after millions of victims put their data up for sale.

They include online banking, Facebook, Amazon, PayPal and Netflix account details, as well as digital fingerprinting with data from mobile devices.

But online security experts say there are a number of ways people can stay safe — and recognize the signs that they may have been compromised.

Vonny Gamot, Head of EMEA, at online security firm McAfeetold MailOnline, “Regularly check your accounts for unknown or unauthorized activity, such as attempted logins, messages sent from your account, or transactions you did not make.”

Vonny Gamot, head of EMEA at online security company McAfee, has provided cyber advice

Visitors to the Genesis marketplace today are greeted by this post-removal splash page

Visitors to the Genesis marketplace today are greeted by this post-removal splash page

“If there is anything suspicious, report it immediately.

And watch out for phishing attacks. This could be an email or text message directing you to a bogus site designed to steal your personal information – either by tricking you into providing it or stealing it without your knowledge.

“It’s always wise to keep a skeptical eye on unsolicited messages that ask you for information in some way, often in a way that urges or pressures you to act.”

1680814110 122 Have you been hacked Experts reveal the tell tale signs

Have you been hacked by Genesis?

– Visit Check your hack and enter your email address to find out if your data has been compromised.

– Signs of infection can be a slow device that restarts on its own or pop-up windows from programs you don’t recognize that can ask you to do unexpected things.

– If you suspect that your PC, tablet or phone is infected with a virus or malware, follow the NCSC guidelines to remove the infection and restore your device.

– Check your online accounts to see if there has been any unauthorized activity, such as attempts to log in from strange locations, messages sent from your account, or money transfers you don’t recognize.

– Always have the latest security updates installed on your computer and mobile devices where possible.

– Apply updates as they become available, don’t ignore these prompts. Turn on “automatic updates” in your device’s settings, if available.

– Use any three words to create a strong password for each of your online accounts that is different from all your other passwords to prevent criminals from accessing your personal information.

– Always use 2-step verification (2SV) whenever possible to protect your most important online accounts. It helps keep criminals out of your online accounts, even if they know your passwords.

– Use your browser’s password manager to store passwords securely. Password managers are easy to use, hard to crack, and take the hassle out of remembering your passwords. Web browsers give you the option to save your password when you log in to an account.

– If your data has been compiled or accessed by criminals on Genesis or if you have become a victim of fraud or cybercrime in general, please report it to Action Fraud at any time.

– In Scotland you can report this to the Scotland Police by dialing 101. If you are a victim of fraud, you should also report it to your bank.

– If a law enforcement officer contacts you regarding a suspected fraud, you can verify their identity by calling the police on 101 or the NCA Control Center on 0370 496 7622.

– If you have received a suspicious email, please forward it to report@phishing.gov.uk to stop criminal activity.

The Genesis Market operated through a group of attackers who created a program that infected millions of users around the world to collect their data.

Those who wanted to use Genesis could only join by invitation of an already established member.

The references were offered for sale in some places on the internet for around £25.

The marketplace could be found using normal internet search engines, as well as on the dark web, and users were provided with step-by-step guides on how to purchase stolen data and use it for fraud.

The site included easy-to-follow instructions telling offenders how to impersonate their victim, bypassing banking systems that require biometrics.

It even advised how to buy bitcoin to avoid tracing transactions from law enforcement.

Sales data includes account logins, passwords, cookies, search history, and auto-populated form data that allowed fraudsters to build a detailed picture of their prey.

Perpetrators were also able to infiltrate victims’ computers to install secret malware that notified them in real time if their target changed their passwords.

Armed with the information, fraudsters could empty bank accounts, spend money en masse or steal valuable data to blackmail victims into handing over even more money via ransomware.

Vonny added: “If you think you might be a victim or if you’re generally concerned about protecting your online privacy and identity, there are some simple steps you can take to protect yourself.

‘Strong and unique passwords are a must, so never reuse a password for multiple accounts, apps and platforms.

“Using a password manager helps you keep track of everything while securely storing your passwords.

While a strong and unique password is a good first line of defense, enabling two-factor authentication for all your accounts provides an extra layer of protection for your privacy and identity.

Regularly check your accounts for unknown or unauthorized activity, such as attempted logins, messages sent from your account, or transactions you did not make.

If there is anything suspicious, report it immediately.

And watch out for phishing attacks. This could be an email or text message that redirects you to a bogus site designed to steal your personal information, either by tricking you into providing it or stealing it without your knowledge.

It is always wise to be skeptical about unsolicited messages that ask you for information in some way, often in a way that urges or pressures you to act.”

Members of the audience can click here to find out if their credentials are on Genesis.

HOW TO CHECK IF YOUR EMAIL ADDRESS HAS BEEN COMPRODATE

Am I Pwned?

Tory Hunt, cybersecurity expert and regional director of Microsoft, walks “Am I Pwned”.

On the website, you can check if your email has been compromised as part of any of the data breaches that have occurred.

If your email address appears, you must change your password.

Pwned passwords

To check if your password might have been exposed to a previous data breach, go to the site’s homepage and enter your email address.

The search function will compare it to the details of historical data breaches that have made this information publicly visible.

If your password does show up, you’re probably at greater risk of being exposed to hacking attacks, fraud, and other cybercrime.

Mr. Hunt built the site to help people check whether or not the password they want to use is on a list of known breached passwords.

The site does not store your password alongside any personally identifiable information and each password is encrypted

Other safety tips

Hunt offers three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and store unique passwords for each service you use.

Then enable two-factor authentication. Finally, stay on top of any breaches

You might also like More from author