If you remember the nude celebrity photo leak in September of 2014 (and who could forget?), you may be interested to learn that it was perpetrated by a simple phishing scheme, which relied on the willingness of recipients to click on a link contained in a spam email they were sent. In this case, several of the celebrities who were targeted were only too willing to follow the links, and in the process they unwittingly parted with personal information, including the names of other email accounts they possessed and the passwords they used to access these accounts. Jennifer Lawrence, Kate Upton, and Jessica Brown Findlay were among those who were affected.
California Court Case
The information regarding the method used to hack into the affected celebrities’ email and iCloud accounts was contained in court documents that were filed in California to support the case against Mr Ryan Collins, the man behind the photo leak. Information in the documents suggests that Mr Collins operated a phishing scheme over a period of nearly two years – from November 2012 to September 2014 – during which time he accumulated passwords for as many as 72 separate Gmail and iCloud accounts.
At the time of the leak, there was speculation as to whether the security of Apple’s iCloud itself had been breached: speculation the tech giant vehemently denied. Judging by the evidence that has now come to light, which points the finger of blame firmly at phishing sites and spam emails, Apple were right to deny that their security had been penetrated: it was the celebrities themselves who handed over the keys to their private online photo stores.
The crime with which Mr Collins is being charged – violating the Computer Fraud and Abuse Act – could earn him up to 5 years’ imprisonment, which, although not a lifetime, is certainly enough of a deterrent when you consider the frivolous nature of the hacking and subsequent photo leaks. In addition to the photos that he found, Mr Collins was also able to download complete backup copies of some of the iCloud accounts to which he gained access.
Using Your Common Sense
It is of course easy to judge the actions of others in hindsight and wonder how they could have been so careless, but some phishing schemes are quite sophisticated and can be very easy to fall for if you are not completely alert when opening your emails. The easiest way to ensure that you never inadvertently give away personal information to a third party online is to ignore all emails from unknown senders. Unless you are 100% sure of the identity of the person or organisation in question, do not even open the messages to read them.
If you would rather remove the temptation at source, you can of course invest a small sum of money in an effective spam filter that will not only help you to avoid phishing scams such as this one, but also stop viruses and malware from reaching their intended target.