After pleading guilty to a charge of felony computer hacking, 29 year old Andrew Helton of Portland Oregon is facing a sentence of up to five years in prison when he is sentenced on June 2nd. Between March 2011 and Mary 2013, Helton used a phishing scheme to steal the usernames and passwords of 363 Apple and Google email accounts including those of many celebrities. Once he had access to his victims’ email accounts he was able to access all of the contents of their email accounts including 161 sexually explicit or nude images of thirteen of his victims, some of whom were celebrities. It should be noted that Helton did not post any of the stolen photos online and his case is totally unrelated to the stealing and posting of nude photos of celebrities including Jennifer Lawrence and Kate Upton that occurred in September of 2014.
Helton obtained the usernames and passwords of his victims through a simple phishing scheme by which he sent emails to his victims that appeared to come from Apple or Google in which his victims were asked to verify their accounts by clicking on a link which took them to a website that appeared to be a login page for Apple or Google. Once they entered their information, Helton had all that he needed to access his victims’ accounts.
The type of phishing scam used by Helton is one used by many other scammers as well and it is easy to defend. Always be skeptical when you are asked to provide your personal information, such as your user name, password or any other personal information in response to an email or text message. Trust me, you can’t trust anyone. Always look for telltale signs that the communication is phony, such as bad grammar or the sender’s email address which may not relate to the real company purporting to send you the email. Beyond this, even if the email or text message appears legitimate, it is just too risky to provide personal information in response to any email or text message until you have independently verified by contacting the company that the communication is legitimate.
In addition, you should not store personal data or any photos or other material on your email account. Store such data in the cloud or some other secure place.