Fake Cloud Warnings Are the New Phishing

If you regularly use modern technology, there’s a good chance that you also rely on cloud storage. Cloud storage is a way to save your files, like photos, documents, and videos, on remote servers instead of your device’s storage. Services like iCloud, Google Drive, and Microsoft OneDrive allow you to access your files from anywhere.

It’s convenient – but it also opens the door to phishing scams that mimic these services.

These scams go something like this: Scammers send fake alerts that look like legitimate warnings from the aforementioned cloud storage providers. These messages often claim your cloud storage is full or nearly full, urging you to upgrade your account or purchase more storage. But instead of actually helping, they’re attempting to steal your personal information.

We’ve warned readers about phishing scams before – but it bears repeating: fraudsters’ methods are always changing. Here are their most common tactics in this type of scam:

Fake pop-ups or notifications: These alerts often appear while you are browsing or using apps, and they are designed to look like legitimate alerts from your phone or tablet. They might say something like “Your iCloud Storage is full”. The goal is to get you to click a link that leads to a fake login page. Once you enter your credentials, scammers can access your account, steal your data, and lock you out.

The text message trap: This scam is a text message that claims your cloud storage is full. It might look something like “WARNING: Your cloud backup is at capacity. Upgrade now to avoid losing your files.” These messages often include a clickable link that looks legitimate, sometimes even using website links like ‘icloud-storage.com’ but they redirect you to fake websites designed to steal your login information.

Urgency and fear tactics: Messages that urge you to act quickly or risk losing access to your files are almost never real and should act as a warning sign of a potential scam.

Once a scammer accesses your personal login, they’re likely to change the password, take over your personal account and effectively lock you out. Therefore, it’s crucial to prevent these scams from ever occurring. Here is what the FTC recommends:

• Verify the source: Don’t click links in texts or emails. Instead, contact your cloud storage provider directly – not with a link provided in the suspicious message. Use a phone number or website you know is real, or log into your cloud account to see if you really need cloud space.
• Forward the email to the Anti-Phishing Working Group and report the phishing attempt to the FTC directly at ReportFraud.ftc.gov.
• Check your online banking regularly: One of the best ways to catch suspicious activity early is by checking in often. Use our online and banking mobile app to make it easy to stay on top of your account activity.

If you do fall victim to one of these scams, act fast:

• Contact your cloud provider directly.
• Try to reset your password and log out all active users.
• Review your financial accounts for any unusual activity.
• Reach out to your financial institution right away. We’re here to help.

By being aware of these potential scams, you improve your odds of keeping your personal information where it belongs: in private. For more information on scams like these, please visit the FIBT Education Center.