It’s all over the news—private photographs of celebrities, including Jennifer Lawrence and Kate Upton, were posted online over the weekend. As for how they were obtained, various reports have suggested the attacker gained access to the celebrities’ Apple iCloud accounts. Based on the widespread interest in this story, we are warning users about scams around this narrative.
Apple ID phishing
Whether or not iCloud was the point of compromise in this incident, scammers have been interested in stealing these credentials for some time. We previously wrote about email scams claiming to be from Apple support asking users to update or verify their Apple IDs (Apple IDs are used for setting up an iCloud account). These emails contain links to phishing websites that will capture your Apple ID credentials and send them back to the attackers.
Figure 1. Example of a fake email from Apple support
In addition to email scams, some users may be the recipients of a text message claiming to be from Apple Protection or another privacy or security group within Apple. The text claims that an unauthorized attempt to sign-in to the users’ iCloud account was detected and they need to respond back with their Apple ID and password or have their account locked out. This type of scam is what’s known as SMSishing (SMS/text phishing).
Figure 2. SMSishing for Apple IDs
A few weeks ago, well-known comedian Sarah Silverman tweeted that she received one of these SMSishing messages.
Because of the continued narrative surrounding iCloud as the point of compromise, we expect to see more successful phishing attempts of Apple IDs.
Searching for celebrity nude photos and videos
Since this story broke, users have taken to various social networks and search engines to look for news about the stolen photographs. Knowing that people are searching for this content, it hasn’t taken long for scammers to try to take advantage of it.
Victoria Justice, one of the celebrities whose name was associated with the stolen photographs, took to Twitter to clarify that the alleged nude photographs of her were in fact fakes.
Figure 3. Example of a scammer on Twitter capitalizing on the news
The first tweet to respond to Victoria came from someone claiming that TMZ had leaked more nude photographs of celebrities. The tweet also included a link that redirects users to a website that looks like the real TMZ site. Ultimately, users are led to a website that asks them to install a Flash video player. The scammer will earn money for each successful installation through an affiliate program.
Words of advice
Because the person responsible for sharing these images stated that they would have more to show in the coming days, we strongly encourage users not to click on links that offer additional photos or video footage of these celebrities. Those links could lead to phishing sites or software downloads of malware or adware.
Users should also be wary of emails or text messages claiming to be from Apple support, security, or protection groups. Don’t click on any links in these emails and never send your Apple ID credentials in a text message.