Scamwatch: iCloud fraud

Nude celebrity photo scandal being used to scam consumers

Updated: 
Christian Dior : Outside Arrivals - Paris Fashion Week : Haute-Couture Fall/Winter 2014-2015

Stay one step ahead of the fraudsters with our series of articles on the scams they use to trick you out of your hard-earned cash.

This week, we investigate how criminals are using the celebrity photo leaking scandal to defraud iPhone users.

How does it work?

Unscrupulous criminals are using the fact that hackers managed to access nude photos of celebrities such as Jennifer Lawrence and publish them online to trick Apple customers, including iPhone users, into handing over their own iCloud account details.

Those targeted receive an email or a text message, supposedly from Apple, warning them about unauthorised access to their accounts and advising them to go into their accounts to ensure they are protected.

The aim is to dupe people into entering their Apple ID and password details into a fake login screen, thereby giving the fraudsters access to their iCloud accounts, including their iTunes libraries, photos and personal details.

How can I avoid being caught out?

Apple denies that iCloud security is responsible for the celebrity photos being leaked, and is not sending out emails or text messages telling its customers to check their accounts.

So if you receive a message of this kind, the most sensible approach is to ignore it.

If you do want to check an account, iCloud or otherwise, the best way to protect yourself against fraud is to always open a separate window and check your account from there - making sure that the web address is the one you usually see.

On an online banking website, for example, the web address should start with https, indicating that it is secure.

Ways to spot so-called phishing emails designed to gain access to your personal information include looking out for spelling mistakes and grammatical errors and being wary of messages that are addressed to a "valued customer" rather than you in person.

I've been defrauded. What should I do?

If you think you may have fallen victim to this phishing scam, the best way to limit the impact is to change your account login details as soon as possible so that the fraudsters can no longer access it.

If they may have been able to get their hands on details of any other accounts, such as your current account or credit card, it is also vital to contact the banks or lenders involved.

Finally, anyone who has been the victim of internet crime should report the problem to Action Fraud (0300 123 2040), which can then take action to catch the fraudsters involved.

Stay scam aware...
Scamwatch: latest phone fraud

Summer scamwatch: transport fraud

Summer scamwatch: holiday club fraud

iCloud Hacked - How to Protect Yourself