How to stay safe against iCloud phishing attacks after Emma Watson nude photos reportedly leak

The same attack thought to be used against celebrities can target normal people in a variety of ways

Andrew Griffin
Thursday 16 March 2017 07:24 EDT
Comments
(Getty Images for People.com)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Nude and private photos of celebrities including Emma Watson and Amanda Seyfried are circulating online, according to reports, leading to fears of a second major hacking attack.

As with 2014's famous iCloud attack, the photos appear to have been stolen from people's phones and then traded online. In both cases, the photos appear to be old – suggesting that, like 2014's attack, the pictures have been circulating among collectors for some time.

It is likely that the photos were stolen using fairly simple cyber attacks, of the kind that could hit anyone. While the recent spate of cyber attacks have become famous because of who they affected and the nature of the photos, the same techniques could be used to steal the most personal information from anyone.

If the photos were stolen using a phishing attack, as is suspected, then it could hit anyone at any time and without them necessarily knowing. But there are important ways to stay safe from it.

Such attacks usually start with an email or another message, claiming to come from somewhere official. The recent hacks appear to be based around iCloud and stealing people's Apple IDs, but the same technique can be used for any kind of login, and websites like Gmail and Facebook are often spoofed in the exact same way.

The email will usually indicate that someone needs to click on a link and then sign in – for a variety of reasons, including the fact that their password has been stolen or their account is somehow insecure. But in fact signing in hands over that password – because what looks like an email and website from Apple isn't at all.

The problem emails are in fact from scammers that pretend to be Apple – and create websites looking exactly like them – that can harvest people's passwords and use them to log in. Once that's done, a hacker can gain access not only to your pictures but to your bank accounts, messages and everything else.

Such attacks can be prevented by being extra vigilant about any email that comes and appears to be from a service you use, especially if it asks for a password. Some of those emails might be obviously fake – using addresses that are actually slight variations on the official Apple or iCloud ones.

It's also worth noting that if you are in any doubt at all, you should never click through on a link and enter your password. Any legitimate email will allow you to do so from the proper website itself, and with all major companies like Apple you should be able to get in contact with the company and verify why your password is being asked for.

You should also never click on or download any kind of large attachment from an unknown person, whether or not they are claiming they work for Apple or anyone else. Those attachments can work in the same way – looking like official forms but actually sending the details that are entered along to someone else.

iCloud accounts, like other secure online services, can be made more safe by enabling two-factor authentication. With iCloud, that works by only letting you log in if you have access to another phone that has already logged in – when that happens, your phone or other device will show a code that can be entered to verify that you're really trying to log in, along with the details of the person attempting to do so.

That can also serve as an alert for if someone does appear to have your password, and are trying to log in. If you receive such a code without having requested it, your account could be compromised and it's worth changing your password.

Two-factor authentication is turned on from the iCloud settings, either on your phone or on your Mac. In both cases, head ot the security settings and click to turn it on – once that's done, your account will be much more secure.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in