How to Avoid Starlet Nude-Selfie Scams

Victoria Justice at the 'Shrek Forever After' premiere in New York, April 2010. Credit: Sam Aronov/Shutterstock

(Image credit: Victoria Justice at the 'Shrek Forever After' premiere in New York, April 2010. Credit: Sam Aronov/Shutterstock)

Searching online for those "hacked" nude photos of celebrities? If so, don't download any applications or media players that promise to show you the stolen images, and be very careful about clicking on links that offer the same.

Worried that your own iCloud account might be broken into? Fair enough, but don't respond to emails from "Apple" asking you to change your Apple ID password.

The media explosion surrounding the massive leak of celebrity nude photos this past weekend creates a perfect opportunity for spammers and malware distributors to entice people into falling for their scams. Gullible thrill-seekers may let curiosity overwhelm common sense, while concerned iPhone users may be susceptible to warnings that they, too, are at risk.

MORE: How to Turn On 2-Step Verification for Apple Accounts

So if you're looking for a starlet's secret sex tape, and a website says you've got to update your Adobe Flash Player software to see it, don't believe it. The Flash "update" is probably malware, and the sex tape probably doesn't exist.

Malware spotters at Symantec have already seen this happening; one tweet, responding to starlet Victoria Justice's denial that one nude image was of her, asked readers to go to a bogus TMZ page that required them to install a malicious "Flash player."

The same goes for websites that ask you to install a "file viewer" to view photographs. Don't install it; close the page instead. You'll be able to find what you're looking for elsewhere without adding extra software.

As for exactly how the nude photos were obtained, there's been a lot of talk that a flaw in Apple's iCloud service was to blame. That's far from being proven, but the hype has millions of iPhone users concerned that their own accounts may be hacked into.

Apple admitted today (Sept. 2) that "certain celebrity accounts" were hit by "a very targeted attack on user names, passwords and security questions," but denied finding "any breach in any of Apple's systems."

Ironically, worried people may be at greater risk simply because they're worrying about it. One sure-fire way to get your iCloud account hacked is to respond to bogus emails or text messages that tell you it's time to change your Apple ID password.

Such messages may look real, mimicking the look and feel of genuine communications from Apple. But when they whisk you to the "Apple" Web page where you can change your password, check the URL — it's probably on a totally bogus domain such as "apple.hahaha.com" or "icloudreset.seeyasuckas.ru."

If you're worried about your Apple ID password, or whether your racy pictures might be exposed for the world to see, read our primer on how to prevent your nude photos from going online.

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.