Apple iCloud security scam: experts warn of hoax emails supposedly from Apple support

Celebrities including Kate Upton (above) were targeted by hackers who posted nude and revealing pictures of actresses, musicians and models online

Click to follow
The Independent Tech

Security experts have issued a warning to iCloud users advising them to be on the look-out for scammers trying to trick them into giving up their log-in credentials.

The security of Apple's digital back-up service has come under scrutiny this week after an unknown hacker or hackers posted nude images of numerous US celebrities online, claiming to have stolen the private photographs from their iCloud accounts.

LIVE: Apple iPhone 6 event

Although security experts believe that the hacks took place due to poor password security or 'brute-force' password attacks rather than a failure in Apple’s encryption, users are still worried that their personal photos are less private than they thought – something that scammers are keen to take advantage of.

Security firm Symantec says these criminals are sending emails to iCloud users pretending to be from Apple support. They ask users to update or verify their Apple IDs in the wake of the recent scares, and when unsuspecting users enter their credentials these are sent back to the hackers - an attack known as 'phishing'.

Fig1_17.png
An example of a fake phishing email. Credit: Symantec

Writing on the company's blog Satnam Narang says: “In addition to email scams, some users may be the recipients of a text message claiming to be from Apple Protection or another privacy or security group within Apple.

“The text claims that an unauthorized attempt to sign-in to the users’ iCloud account was detected and they need to respond back with their Apple ID and password or have their account locked out. This type of scam is what’s known as SMSishing (SMS/text phishing).”

Narang points out that US comedian Sarah Silverman tweeted that she had received one of these messages on the 22 August, a week and a half before the pictures were posted online.

If activated, Apple's iCloud service automatically syncs photos, contacts and emails located on users' iPhones with online servers. Hackers can then attempt to access these online accounts by either guessing users' passwords or stealing them using phishing attacks.

Celebrities targetted by the hackers have included Jennifer Lawrence, Kate Upton and Mary E. Winstead. Following the photos' release, Winstead tweeted: "Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this."

Unfortunately, this seems to be one of the main problems regarding the hack - celebrities were simply unaware that even as they were securely deleting photos from their mobile devices, iCloud was saving them to the cloud without their knowledge.

Emma Watson: 'Even worse than seeing women's privacy violated is reading the comments'
Jennifer Lawrence nude photos leak: FBI and Apple to investigate hacking of iCloud

Comments