Last Friday, 25 year old Christopher Lamb was arrested on charges related to hacking into the phones, social media accounts and cloud accounts of 20 women including a number of juveniles. According to Connecticut State Police, Lamb stole embarrassing photos from his victims and then threatened his victims with the wide distribution of these photos unless they sent him nude photos. None of his victims gave in to his demand, whereupon Lamb, according to police, disseminated the photos to lewd websites as well as the families and employers of his victims.
This type of crime has occurred increasingly since 2014 when the first of many celebrity nude photos circulated that had been stolen from hacked accounts and phones. While at the initial time that the celebrity photos were stolen from their iCloud and Gmail accounts there were questions about the security of the Cloud and Gmail, eventually it became known that the hackers used spear phishing emails to their victims posing as as the victims’Internet Service Providers, Apple, Yahoo and Hotmail to trick their victims into providing their user names and passwords to the hackers enabling them to readily access the photos in the Cloud or in their Gmail accounts.
At the moment we don’t know how Lamb managed to hack into his victims’ accounts, but it is highly likely that he used the same type of social engineering trickery to get the user names and passwords of his victims.
TIPS
There are a number of lessons to be learned from this crime about how to protect our own security.    It is important to resist providing your username and passwords in response to emails and text messages unless you have absolutely and independently confirmed that the request is legitimate, which such requests seldom are.  If you have any concern that such a request might be legitimate, merely call the real company to confirm the legitimacy of the communication.
Also, take advantage of the dual-factor identification protocols offered by Apple and many others.  With dual-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  In some instances, the companies will only send the code to you if your account is being accessed from a different device than you usually use to access your accounts.  Had Jennifer Lawrence and the other hacked celebrities used dual-factor identification, they would still have their privacy.
It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be accurate.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”