A new phishing scam is tricking users into clicking on fake ‘Cloud Storage Full’ alerts. These fraudulent messages mimic legitimate cloud storage services and warn users that their photos and videos are about to be deleted unless they upgrade their storage. Once users click the link, they are directed to a fake website that demands payment for a small fee, only to have their credit card or PayPal details stolen. Trend Micro researchers have identified a 531% increase in scam activity between September and October, showing just how rapidly this scheme is spreading.
The scam works by sending personalized messages through SMS or iMessage that include the user’s name and a fake count of photos or videos. These messages create a sense of urgency, prompting users to act quickly to prevent data loss. The fake websites that users are directed to are designed to look very similar to legitimate cloud storage platforms, using progress bars, countdown timers, and warnings that personal data will be lost unless a small fee is paid. The site even simulates the layout of popular cloud storage services, making it extremely convincing for users.
Once users enter their credit card or PayPal information, scammers harvest the data instantly. This stolen information can be used for unauthorized purchases, credential stuffing, or resale on dark web markets. Some victims even receive fake receipt emails to make the charge appear legitimate, further encouraging them to believe the fraudulent transaction is real. Trend Micro reports that some scam sites later redirect to legitimate pages like iolo.com to hide their tracks, making it even more challenging for users to detect the scam.
Jon Clay, VP of threat intelligence at Trend Micro, has highlighted the emotional manipulation that this scam relies on. He warns that these messages play on users’ fear of losing irreplaceable memories, particularly targeting older adults who may be more likely to believe the warnings are legitimate. Clay emphasizes the importance of verifying alerts through official cloud storage apps or websites rather than clicking on unsolicited links. He also notes that the recent spike in ‘Cloud Storage Full’ scams shows how effectively cybercriminals are using emotional triggers to manipulate users into making quick, impulsive decisions.
Security experts recommend several practices to protect users from this scam. These include always opening cloud storage apps or visiting official websites directly to verify alerts, avoiding clicking on links in unsolicited messages, and using strong antivirus protection. Enabling multi-factor authentication (MFA) for all cloud and payment accounts is also crucial, as it adds an extra layer of security if a user’s login is compromised. Additionally, reviewing credit card and account statements regularly can help detect suspicious activity early.
Scammers are using the current climate of heightened anxiety and concern about data security to their advantage. By mimicking the look and feel of legitimate cloud services, they are able to trick users into believing they are interacting with a trusted company. This underscores the importance of educating users about common scam tactics and the necessity of verifying all alerts through official channels. Experts also emphasize the value of using data removal services to decrease the amount of personal information available online, thereby reducing the risk of targeted scams.
While there is no guaranteed way to completely eliminate the risk of falling victim to these scams, taking proactive steps can significantly reduce the likelihood of being targeted. These include being cautious of unsolicited messages, using strong security software, and staying informed about the latest scam tactics. By remaining vigilant and adopting safe online practices, users can better protect themselves from the growing threat of phishing scams.