The reality of the 'Cloud storage is full' scam email and how to deal with it

Imagine receiving a warning email in your mailbox saying, 'Your cloud storage is full.' It also says, 'If you continue like this, you will lose important photos, documents, and personal data, so please upgrade your cloud storage,' along with a special offer to expand your cloud storage capacity. In most cases, this is a scam email that exploits users' sense of trust and impatience. The security blog

https://malwaretips.com/blogs/your-cloud-storage-is-full-email-scam/

The 'Cloud storage full' scam email is a deceptive tactic used by cybercriminals to trick individuals into revealing sensitive information or making fraudulent payments. These scam emails are crafted to resemble legitimate email notifications from trusted cloud service providers such as iCloud, Google Drive, and Dropbox.

The email subject lines often include phrases like 'Your iCloud account may be at risk' or 'Action required: Cloud storage is full.' While the sender's email address may mimic an official domain, it often contains unnatural spellings or misspellings. For example, while Apple's official email address is '[email protected],' scammers often use addresses like '[email protected],' which mimics Apple's official email address.

Phishing email attacks appearing to be sent from '[email protected]' - GIGAZINE

The email warns that your cloud storage has reached its capacity limit and that failure to act will result in data loss. While some messages offer specific consequences, such as deleting photos, videos, contacts, and documents, others offer limited-time special offers, such as adding 50GB of storage for just $1.95, to motivate you to act quickly.

Scam emails often incorporate official logos, colors, and formatting to appear more believable, but upon closer inspection, they can sometimes be flawed by misalignment or inconsistencies in content compared to legitimate emails claiming to be from service providers.

The scam emails always contain prominent links or buttons such as 'Upgrade your storage now' or 'Apply for additional storage,' which, when clicked, lead to websites designed to steal personal information or install malicious software.

Other variations of the 'cloud storage is full' scam email include:

・Various service providers
Scam emails typically target iCloud and Google Drive users, but there are also fake emails targeting users of other services like Dropbox, OneDrive, and pCloud.

Alternative communication channels
In addition to email, some cybercriminals also use text messages and phone calls to carry out similar fraudulent activities.

・Localized content
To increase their credibility, some scam emails are customized to reflect the recipient's language, region, and even specific usage patterns. These localized scam emails are more convincing and harder to detect, the MalwareTips Blog noted.

The 'cloud storage full' scam email follows a series of carefully designed steps, roughly as follows:

◆1: Create a fake email
They create fake emails that closely resemble official emails from cloud service providers. Specifically, they create addresses that closely resemble the official email addresses of cloud service providers, and use subject lines such as 'Action Required Immediately: Cloud Storage is Full' or 'Account Data at Risk' to create a sense of urgency in users. In other cases, they use official logos to make the emails appear more visually authentic.

◆2: Embed malicious links or attachments
They prepare malicious websites or malware to lure recipients. They lure victims to malicious websites or malware download links via links that say 'Upgrade now' or 'Manage storage.' In some cases, the emails contain attachments that claim to contain invoices or account information, enticing users to check the contents. However, opening the attachment installs malware.

◆3: Redirect to a phishing site
They create phishing sites that mimic official websites and lure users to them. By tricking users into entering personal information such as login credentials and payment information, cybercriminals steal sensitive information. In addition to phishing sites designed to steal information, cybercriminals also lure users to affiliate sites in order to earn click-based advertising revenue.

Additionally, in some cases, the credibility and effectiveness of phishing scams can be increased by changing the phishing site displayed based on the target's location, such as directing American targets to phishing sites impersonating iCloud or Google Drive, and European targets to phishing sites impersonating Dropbox or OneDrive.

◆4: Misuse of stolen information
Cybercriminals may use stolen user account information to take over accounts, allowing victims to further steal photos and other data from their accounts. It has also been pointed out that stolen payment information could allow cybercriminals to conduct fraudulent transactions or sell payment information on the dark web. Cybercriminals may also use victims' accounts to send phishing emails in an attempt to further their damage.

◆5: Expanding business by avoiding detection
Cybercriminals may also delete emails sent from compromised accounts to remove evidence, and may even use the account recovery option on compromised accounts to change passwords and prevent the original user from accessing the account, potentially prolonging their unauthorized access.

'These multi-layered techniques make the Cloud Storage Full scam particularly dangerous,' explains the MalwareTips Blog.

To protect yourself from these sophisticated 'cloud storage full' scams, the researchers recommend disconnecting your device from the internet if you have downloaded any attachments, changing your passwords for any cloud services you use and enabling two-factor authentication, immediately freezing and replacing your credit card if you suspect your payment information has been stolen, scanning for malware with antivirus software, informing friends and family of the hacked access and warning them not to click on any fraudulent emails they may receive, and changing your passwords for any services that use the stolen email address.