How hackers get celebrity naked photos from iCloud

Over the past couple of days my email inbox has been filling up with messages from Apple. These express concern that my account has been used to buy items on the iTunes Store or App Store from a device that has not previously been connected to my account. Basically, someone has hacked into my account and is using it to buy stuff. Or have they?

When you get an email like this you should immediately be suspicious. Trust no-one, suspect everyone! Seriously though, it is so easy to fake emails that the first thought that enters your mind should be, is this real?

The first thing you should do is to look who sent it and who they sent it to. By expanding the message header so that more information about the sender can be seen, here is what the email looks like:

Fake Apple email header

It certainly looks like this is an email that has been sent from Apple, but as I said, emails are easily faked and the From field is particularly easy to fake. This email may or may not be from Apple.

I have an advantage over some people here because I have several email addresses. The one the email was sent to is not the one I use with Apple and the company does not know this email account exists. This instantly flags the message as fake. Email addresses are free, so why not get another one and only use it with Apple, your bank and one or two other trusted companies? If an email doesn't come to your 'special' email address you will instantly know that it is fake. You don't even need to read the email to know it isn't real.

Let's move on to the body of the email. This is what it looks like and graphically it in in the style of an Apple email. I've cropped the image, but if you could see the full email you would see the paper graphic and shadow around the edges.

Fake Apple email

Have you ever had an email from Apple that starts with 'Good day'? That is an odd way to start an email and Apple emails usually start with 'Dear Roland Waddilove'. That flags this up as a scam or phishing email because the scammer doesn't know my name.

There is an IP address in the message that claims to be from Rostov, Russia, but when I looked it up (use www.ip-adress.com/ip_tracer/217.149.86.127), it is in Italy. So the email contains false information.

Finally, when the mouse hovers over the Apple ID link that it urgently recommends me to click, the URL displayed is weird and definitely not an Apple one. Don't click links in emails because it is easy to disguise them.

With all the trouble over the naked photos of celebrities posted on the web recently, such as Jennifer Lawrence and others, it makes you wonder whether a phishing email scam like this was the way that their Apple accounts were hacked. Beware of fake emails and never click links in them.

 

Share

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Related items you will like...