Simple Cyber Security Tips to Protect Your Online Accounts Against Hackers

Celebrities go to great lengths to ensure their security, often traveling with bodyguards and living in gated communities.

But when it comes to staying safe, there's one place where being guarded is not guaranteed whether you’re a grandma or a gazillionaire: cyber security.

The internet went nuts earlier this year when someone on Twitter noticed Facebook co-founder Mark Zuckerberg applies a piece of tape over his webcam — a low-key security trick to act as the last line of defense against potential cyber spies.

On the more serious end, look no further than the celebrity nude photo leaks.

Ryan Collins, 36, of Lancaster, Pennsylvania, was sentenced on Thursday to 18 months in prison for his role in leaking private nude photos of celebrities he found by illegally accessing their Google and Apple accounts.

He is one of three men who have been convicted of leaking private celebrity photos, and is personally responsible for illegally accessing more than 100 accounts, prosecutors said. In total, the nude photo leak investigation included over 600 victims.

Collins' method for swiping the photos was shrewd but surprisingly easy — and one anyone can fall victim to, experts say.

Between November 2012 and September 2014, Collins pulled off a carefully targeted cyber attack known as spear phishing. He sent targeted emails to his victims purporting to be from Apple and Google that seemed legitimate and tricked his high-profile targets into handing over their usernames and passwords, according to the U.S. Attorney for the Central District of California.

"It can look just about indistinguishable from an email you would get from one of those services. The way most people vet whether something looks legit is the visual appearance of the email," Shuman Ghosemajumder, chief technology officer at Shape Security and the former click fraud czar at Google, told NBC News.

Once Collins had his target's user name and password, he was able to access their private accounts, steal their photos and in some instances, according to prosecutors, download full backups from the iCloud.

So how can you tell if that email claiming to be from Apple, Google or another service where you have an account is legitimate?

It all begins with gaining a little more cyber security savvy, which is something that benefits everyone — even if you're on the A-list.

Ghosemajumder said the quality of phishing emails is "getting better and outpacing education."

If you receive a suspicious email from a place where you have an account, he recommends never clicking on any links inside of it. Instead, go to the specific service provider's website and log in from there.

The other usual cyber security tips apply here too, including using different passwords for different accounts and enabling two-factor authentication, which will tip a user off anytime someone is trying to log on to their account from a new device.

As for the cloud, that mysterious place in internetland where your data lives instead of taking up space on your device, Ghosemajumder said it's nothing to be afraid of.

Sure, it's "fundamentally safer" to store something on a physical device behind a password, he said, but there isn't anything "inherently less secure about the cloud."

"Companies like Apple and Google put a lot of effort to make sure they are not vulnerable to security issues. The issue is that if your password itself is something someone can access, they can bypass all that security and get that sensitive data," he said.

At the end of the day, it all boils down to having a healthy sense of skepticism about the emails you receive, along with making and protecting strong passwords for all of your accounts, experts say.

Or, if you have the money, you could plunk down $14,000 or so for a military-grade smartphone to help thwart hackers — but a little cyber savvy will certainly cost a lot less.