Apple iCloud security scam: experts warn of hoax emails supposedly from Apple support

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Security experts have issued a warning to iCloud users advising them to be on the look-out for scammers trying to trick them into giving up their log-in credentials.

The security of Apple's digital back-up service has come under scrutiny this week after an unknown hacker or hackers posted nude images of numerous US celebrities online, claiming to have stolen the private photographs from their iCloud accounts.

Although security experts believe that the hacks took place due to poor password security or 'brute-force' password attacks rather than a failure in Apple’s encryption, users are still worried that their personal photos are less private than they thought – something that scammers are keen to take advantage of.

Security firm Symantec says these criminals are sending emails to iCloud users pretending to be from Apple support. They ask users to update or verify their Apple IDs in the wake of the recent scares, and when unsuspecting users enter their credentials these are sent back to the hackers - an attack known as 'phishing'.

Writing on the company's blog Satnam Narang says: “In addition to email scams, some users may be the recipients of a text message claiming to be from Apple Protection or another privacy or security group within Apple.

“The text claims that an unauthorized attempt to sign-in to the users’ iCloud account was detected and they need to respond back with their Apple ID and password or have their account locked out. This type of scam is what’s known as SMSishing (SMS/text phishing).”

Narang points out that US comedian Sarah Silverman tweeted that she had received one of these messages on the 22 August, a week and a half before the pictures were posted online.

If activated, Apple's iCloud service automatically syncs photos, contacts and emails located on users' iPhones with online servers. Hackers can then attempt to access these online accounts by either guessing users' passwords or stealing them using phishing attacks.

Celebrities targetted by the hackers have included Jennifer Lawrence, Kate Upton and Mary E. Winstead. Following the photos' release, Winstead tweeted: "Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this."

Unfortunately, this seems to be one of the main problems regarding the hack - celebrities were simply unaware that even as they were securely deleting photos from their mobile devices, iCloud was saving them to the cloud without their knowledge.