(NBC News/Alyssa Newcomb) — Celebrities go to great lengths to ensure their security, often traveling with bodyguards and living in gated communities.
But when it comes to staying safe, there's one place where being guarded is not guaranteed whether you're a grandma or a gazillionaire: cyber security.
The internet went nuts earlier this year when someone on Twitter noticed Facebook co-founder Mark Zuckerberg applies a piece of tape over his web cam — a low-key security trick to act as the last line of defense against potential cyber spies.
On the more serious end, look no further than the celebrity nude photo leaks.
Ryan Collins, 36, of Lancaster, Pennsylvania, was sentenced on Thursday to 18 months in prison for his role in leaking private nude photos of celebrities he found by illegally accessing their Google and Apple accounts.
He is one of three men who have been convicted of leaking private celebrity photos, and is personally responsible for illegally accessing more than 100 accounts, prosecutors said. In total, the nude photo leak investigation included over 600 victims.
Collins' method for swiping the photos was shrewd but surprisingly easy — and one anyone can fall victim to, experts say.
Between November 2012 and September 2014, Collins pulled off a carefully targeted cyber attack known as spear phishing. He sent targeted emails to his victims purporting to be from Apple and Google that seemed legitimate and tricked his high-profile targets into handing over their usernames and passwords, according to the U.S. Attorney for the Central District of California.
"It can look just about indistinguishable from an email you would get from one of those services. The way most people vet whether something looks legit is the visual appearance of the email," Shuman Ghosemajumder, chief technology officer at Shape Security and the former click fraud czar at Google, told NBC News.
Once Collins had his target's username and password, he was able to access their private accounts, steal their photos and, in some instances, according to prosecutors, download full backups from the iCloud.
So how can you tell if that email claiming to be from Apple, Google or another service where you have an account is legitimate?
It all begins with gaining a little more cyber security savvy, which is something that benefits everyone — even if you're on the A-list.
Ghosemajumder said the quality of phishing emails is "getting better and outpacing education."
If you receive a suspicious email from a place where you have an account, he recommends never clicking on any links inside of it. Instead, go to the specific service provider's website and log in from there.
The other usual cyber security tips apply here as well, including using different passwords for different accounts and enabling two-factor authentication, which will tip a user off anytime someone is trying to log on to their account from a new device.
Read the full story at NBCNews.com