The RGP says an international police operation has shut down an online marketplace in which innocent people’s personal and banking details were being bought and sold. 

A statement from the RGP follows below:

‘Operation Cookie Monster’, led by the FBI and the Dutch National Police but  involving law enforcement agencies from 17 countries, has resulted in over 120  arrests, 24 of them in the UK. 

The online marketplace, known as Genesis Market, was handling over 2 million  identities when it was taken down. Most of these were from Netflix and PayPal  accounts. 

When criminals purchased a ‘bot’, it would give them a person’s log-in details,  passwords and details from their autofill forms. The more expensive ‘bots’ would  also contain information about a person’s online bank accounts. Criminals would pay  around 56p for a simple ‘bot’ and up to several hundred pounds for one containing  much more information. 

Will Lyne, the head of cyberintelligence at the UK’s National Crime Agency said: ‘Genesis Market is one of the top criminal access marketplaces anywhere in the  world. Genesis Market is an enormous enabler of fraud and a range of other  criminal activity online, by facilitating that initial access to victims. (Using this), you  can completely self-start and go looking for this and get everything you need to  perpetrate a crime. You don’t have to go and meet somebody, you don’t have to go  into a shadowy forum, you can get into it, pay your money and then you’ve got the  tools to commit a crime. That’s why it is so damaging and it is very, very easy.’ 

How to Check if Your Digital Identity Has Been Stolen: 

The Dutch Police has developed a portal to check whether your information has  been compromised. Visit https://www.politie.nl/checkyourhack and fill in your email  address to see if it is part of a Genesis Market leak. 

If your digital identity has been stolen, here are the steps you should take: 

- Run your antivirus programme. In most cases, your antivirus will catch the  malware and remove it. Only then should you change all your passwords – not before if you do not want the cybercriminals getting their hands on them.  

- Notify relevant stakeholders. Your bank, insurance company and any other  important third party should be made aware of your identify theft. - Remember that cybercriminals are quick at adapting their techniques to  benefit from any opportunity. There are simple preventive actions you can  take to make it more difficult for them to access your devices and data:  

- If available, use antivirus software on all your electronic devices. - Keep your software updated, including your browser, antivirus and operating  system. 

- Browse and download only official versions of software and always from  trusted websites. 

- Be wary while browsing the internet and do not click on suspicious links, pop ups or dialog boxes. 

- Think twice before clicking on links or attachments within unexpected emails. - Set up unique passwords. Generate strong passwords or passphrases for  each individual website and service. This is where the use of a password  manager comes in handy. 

- Activate multifactor authentication functionality whenever possible for all of  your accounts.