Jennifer Lawrence photos
The big news in the last few days has been the posting of nude photos of Jennifer Lawrence. At this stage, it appears that her iCloud account was compromised. The breach is still under investigation at this point in time. This article at The Huffington Post has more details on the posting of the photos, whilst Arstechnica have more information on the attack in this article.
There are a few possibilities as to how the hacker obtained access to her account. One possibility is a phishing attack was used. Fake emails were used to garner the username and password. Possibly the attacker guessed her username. Even with two factor authentication, iCloud accounts (particularly of celebrities) are still vulnerable. Information on pets, first schools, etc. are common security questions. This information could be found by a determined attacker via some research on the internet.
Phishing is a basic form of attack, but it can be very effective. The steps used generally involve sending a carefully crafted email that appears to be from an organisation (such as Sony or Apple). Whilst the email may look convincing, there are usually some signs that the email is false. Be wary of emails requesting you to enter usernames and passwords if you have not requested a password reset.
At MailShark, our email filtering and anti-spam service can prevent phishing attacks occurring by safeguarding your email. Only legitimate email is allowed through; any emails that are considered suspect are quarantined. You can then view the quarantined emails via a web interface. MailShark offers this service for free.