Celebrities go to great lengths to ensure their security, often traveling with bodyguards and living in gated communities.
But when it comes to staying safe, there’s one place where being guarded is not guaranteed whether you’re a grandma or a gazillionaire: cyber security.
The internet went nuts earlier this year when someone on Twitter noticed Facebook co-founder Mark Zuckerberg applies a piece of tape over his webcam — a low-key security trick to act as the last line of defense against potential cyber spies.
On the more serious end, look no further than the celebrity nude photo leaks.
Ryan Collins, 36, of Lancaster, Pennsylvania, was sentenced on Thursday to 18 months in prison for his role in leaking private nude photos of celebrities he found by illegally accessing their Google and Apple accounts.
He is one of three men who have been convicted of leaking private celebrity photos, and is personally responsible for illegally accessing more than 100 accounts, prosecutors said. In total, the nude photo leak investigation included over 600 victims.
Collins’ method for swiping the photos was shrewd but surprisingly easy — and one anyone can fall victim to, experts say.
Between November 2012 and September 2014, Collins pulled off a carefully targeted cyber attack known as spear phishing. He sent targeted emails to his victims purporting to be from Apple and Google that seemed legitimate and tricked his high-profile targets into handing over their usernames and passwords, according to the U.S. Attorney for the Central District of California.
“It can look just about indistinguishable from an email you would get from one of those services. The way most people vet whether something looks legit is the visual appearance of the email,” Shuman Ghosemajumder, chief technology officer at Shape Security and the former click fraud czar at Google, told NBC News.
Once Collins had his target’s username and password, he was able to access their private accounts, steal their photos and, in some instances, according to prosecutors, download full backups from iCloud.
So how can you tell if that email claiming to be from Apple, Google or another service where you have an account is legitimate?
It all begins with gaining a little more cyber security savvy, which is something that benefits everyone — even if you’re on the A-list. Ghosemajumder said the quality of phishing emails is “getting better and outpacing education.”
If you receive a suspicious email from a place where you have an account, he recommends never clicking on any links inside of it. Instead, go to the specific service provider’s website and log in from there.
The other usual cyber security tips apply here as well, including using different passwords for different accounts and enabling two-factor authentication, which will tip a user off anytime someone is trying to log on to their account from a new device.
As for the cloud, that mysterious place in internetland where your data lives instead of taking up space on your device, Ghosemajumder said it’s nothing to be afraid of.
Sure, it’s “fundamentally safer” to store something on a physical device behind a password, he said, but there isn’t anything “inherently less secure about the cloud.”
“Companies like Apple and Google put a lot of effort to make sure they are not vulnerable to security issues. The issue is that if your password itself is something someone can access, they can bypass all that security and get that sensitive data,” he said.
At the end of the day, it all boils down to having a healthy sense of skepticism about the emails you receive, along with making and protecting strong passwords for all of your accounts, experts say.
Or, if you have the money, you could plunk down $14,000 or so for a military-grade smartphone to help thwart hackers — but a little cyber savvy will certainly cost a lot less.
(Source: By Alyssa Newcomb, NBC News October 29, 2016)