An international operation involving the National Crime Agency has taken down one of the biggest online marketplaces selling stolen credentials to criminals worldwide.
The activity, led by the FBI and Dutch National Police and supported by 16 countries, saw Genesis Market taken offline yesterday (April 4).
Genesis Market was a go-to service for criminals seeking to defraud victims, having hosted approximately 80 million credentials and digital fingerprints stolen from more than two million people.
As part of the investigation, the NCA identified hundreds of UK-based users of the platform and information was passed to policing partners across the country. This resulted in 31 warrants being executed yesterday and this morning in coordinated raids by the NCA, Regional Cyber Crime Units and police forces.
You can read more about the operation on our news page.
How to check if you have been targeted by criminals using Genesis Market and protect your data from being compromised
Take action using the following steps in order to find out if your devices and/or accounts have been compromised and to protect yourself from future attacks.
Step 1: Identify whether your data has be compromised and accessed by criminals on Genesis Market:
- Check Your Hack is a certified website run by the Dutch National Police (Politie) who were key partners in the Genesis Market investigation. Visit Check Your Hack and input your email address to find out if your data has been compromised and from which platform(s).
[If your data has not been compromised, go straight to Step 3 for advice on how to protect your devices and accounts].
Step 2: Check if your device and/or online accounts have been compromised and recover an infected device:
- Signs of infection can include a slow running device that is rebooting by itself or pop-up boxes from programs you don’t recognise that may ask you to do unexpected things.
- If you suspect your PC, tablet or phone has been infected with a virus or malware, follow the NCSC guidance to remove the infection and restore your device.
Check for and recover a hacked account:
- Check your online accounts to see if there has been any unauthorised activity, such as attempted log ins from strange locations, messages sent from your account or money transfers you don’t recognise.
- If your online accounts have been compromised, the following NCSC guidance explains what you can do and how you can recover a hacked account and regain access.
[If your data or accounts have been compromised, follow the guidance in Step 5 below to report the crime].
Step 3: Secure your devices against cyber attacks
- Ensure your computer and mobile devices always have the latest security updates installed where possible.
- Apply updates as soon as they are available, do not ignore these prompts. Turn on ‘automatic updates’ in your device’s settings, if available.
Step 4: Protect your online accounts from future compromise by criminals
- Use three random words to create a strong password for each of your online accounts that’s different to all your other passwords, to prevent criminals accessing your personal information.
- Your online accounts, such as your email, contain a lot of information about you that criminals can use to scam you or people you know. This includes personal, but not sensitive, information that can be used to build trust, like the names of family or friends, who you bank with, and where you tend to shop online.
- Always use 2-step verification (2SV) where possible to protect your most important online accounts. It helps to keep criminals out of your online accounts, even if they know your passwords. If 2SV is available for your account, you’re usually prompted to set it up. Alternatively, the option to switch it on is usually found in security settings.
- Use your browser’s password manager to safely store passwords. Password managers are easy to use, hard to crack and will save you from having to memorise your passwords. Web browsers will offer you the opportunity to save your password when you log into an account.
More advice and guidance on how to protect your accounts and secure specific devices can be found at www.ncsc.gov.uk/cyberaware
Step 5: Report
- If your data has been comprised or accessed by criminals on Genesis or if you have fallen victim to fraud or cyber crime more generally, report it any time to Action Fraud. If you are reporting as a victim of Genesis, quote the word ‘Genesis’ in the ‘Additional information’ box on the Action Fraud site, or when peaking to the Police.
- In Scotland, report it to Police Scotland by calling 101. If you are a victim of fraud, you should also report it to your bank.
- If a law enforcement officer contacts you in relation to a suspected fraud, you can verify their identity by calling the police on 101 or the NCA Control Centre on 0370 496 7622.