How to stay safe against iCloud phishing attacks after Emma Watson nude photos reportedly leak

The same attack thought to be used against celebrities can target normal people in a variety of ways

Andrew Griffin
Thursday 16 March 2017 11:24 GMT

Nude and private photos of celebrities including Emma Watson and Amanda Seyfried are circulating online, according to reports, leading to fears of a second major hacking attack.

As with 2014's famous iCloud attack, the photos appear to have been stolen from people's phones and then traded online. In both cases, the photos appear to be old – suggesting that, like 2014's attack, the pictures have been circulating among collectors for some time.

It is likely that the photos were stolen using fairly simple cyber attacks, of the kind that could hit anyone. While the recent spate of cyber attacks has become famous because of who they affected and the nature of the photos, the same techniques could be used to steal the most personal information from anyone.

If the photos were stolen using a phishing attack, as is suspected, then it could hit anyone at any time and without them necessarily knowing. But there are important ways to stay safe from it.

Such attacks usually start with an email or another message, claiming to come from somewhere official. The recent hacks appear to be based around iCloud and stealing people's Apple IDs, but the same technique can be used for any kind of login, and websites like Gmail and Facebook are often spoofed in the exact same way.

The email will usually indicate that someone needs to click on a link and then sign in – for a variety of reasons, including the fact that their password has been stolen or their account is somehow insecure. But in fact signing in hands over that password – because what looks like an email and website from Apple isn't at all.

The problem emails are in fact from scammers who pretend to be Apple, and who create websites that look exactly like Apple's, so that they can harvest people's passwords and use them to log in. Once that's done, a hacker can gain access not only to your pictures but to your bank accounts, messages and everything else.

Such attacks can be prevented by being extra vigilant about any email that comes and appears to be from a service you use, especially if it asks for a password. Some of those emails might be obviously fake – using addresses that are actually slight variations on the official Apple or iCloud ones.

It's also worth noting that if you are in any doubt at all, you should never click through on a link and enter your password. Any legitimate email will allow you to do so from the proper website itself, and with all major companies like Apple you should be able to get in contact with the company and verify why your password is being asked for.
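The "slight variations" check described above, applied to both the sender address and the hosts of any links, as an added example that is not from the article. The `OFFICIAL` list, the `FOLD` table, the use of the last two labels as the registered name, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = ("apple.com", "icloud.com")  # assumption: domains treated as official
FOLD = str.maketrans("0135", "oles")    # constructed, non-exhaustive digit swaps

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'lookalike' or 'unrelated' for a host name."""
    host = host.lower().rstrip(".")
    if any(host == g or host.endswith("." + g) for g in OFFICIAL):
        return "official"
    labels = host.translate(FOLD).split(".")
    for good in OFFICIAL:
        brand = good.split(".")[0]
        # Brand name embedded in a foreign domain, e.g. apple.com.login.example
        if any(brand in label for label in labels):
            return "lookalike"
        # Last two labels within two edits of the official name, e.g. appple.com
        if edit_distance(".".join(labels[-2:]), good) <= 2:
            return "lookalike"
    return "unrelated"

def review_message(raw):
    """Classify the sender domain and each link host of a raw e-mail."""
    msg = message_from_string(raw)
    findings = {"from": classify(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])}
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        findings[host] = classify(host)
    return findings

# Constructed sample message, not taken from any real campaign.
SAMPLE = """\
From: Apple Support <security@appleid-verify.example>

Sign in at https://icl0ud.example/signin to restore access.
Your account page is https://appleid.apple.com/ as usual.
"""
```

A "lookalike" result is a prompt for a closer look rather than a verdict: the substring rule also flags harmless names such as `pineapple.example`.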

You should also never click on or download any kind of large attachment from an unknown person, whether or not they are claiming they work for Apple or anyone else. Those attachments can work in the same way – looking like official forms but actually sending the details that are entered along to someone else.

iCloud accounts, like other secure online services, can be made safer by enabling two-factor authentication. With iCloud, that works by only letting you log in if you have access to another phone that has already logged in. When that happens, your phone or other device will show a code that can be entered to verify that you're really trying to log in, along with the details of the person attempting to do so.

That can also serve as an alert if someone does appear to have your password and is trying to log in. If you receive such a code without having requested it, your account could be compromised and it's worth changing your password.

Two-factor authentication is turned on from the iCloud settings, either on your phone or on your Mac. In both cases, head to the security settings and click to turn it on – once that's done, your account will be much more secure.
