Back
Technology

Scam Emails Impersonating Apple iCloud Target Users with Data Deletion Threats

Generated on: Last updated: 1 sources
View source

Warning Issued Over iCloud Phishing Scam Threatening Data Deletion

UK consumer body Which? has issued a public warning about a phishing campaign impersonating Apple's iCloud service, designed to harvest payment and personal information.

How the Scam Works

Scammers are sending fraudulent emails designed to appear as official communications from Apple. The core claim in these messages is that the recipient's iCloud storage is full and their account has been blocked.

The emails state that photos, videos, and other data will be deleted unless immediate action is taken. The messages contain buttons or links, often labeled to "upgrade storage" or "update payment methods." Clicking these links directs users to phishing websites engineered to collect bank details and personal information.

Identifying the Fraudulent Emails

Authorities highlight several characteristics that can help identify these scam emails:

  • Subject Lines & Content: Common phrases include:

    • "We've blocked your account! Your photos and videos will be deleted on [date]"
    • "Your payment method has expired!... Your cloud service has been disabled"
    • "iCloud Storage Alert"
    • "Payment failed for your Cloud storage renewal"

  • Follow-up Messages: Some recipients report receiving subsequent emails labeled as "final warnings" if no response is given to the initial message.

  • Sender Information: The sender email addresses often use domains that do not match Apple's official domains. Multiple sources cite examples containing references to Ecuador or Ukrainian business domains (e.g., .biz.ua).

  • Errors: Some of the emails contain spelling or grammatical errors.

What to Do If You Receive a Suspicious Email

Do not click on any links or buttons within these suspicious emails.

Authorities and consumer groups advise the following steps:

  • Do Not Provide Information: Do not enter any personal, financial, or payment information on any website linked from these emails.
  • Report the Emails:
    • In the UK, suspected scam emails can be forwarded to report@phishing.gov.uk.
    • Emails specifically impersonating iCloud can be reported to reportphishing@apple.com and/or abuse@icloud.com.
  • Verify Storage Legitimately: To check iCloud storage status or upgrade storage, users should navigate directly through their device's settings menu (e.g., on an iPhone, go to Settings > iCloud).
  • Contact Financial Institutions: If bank or payment details have been provided in response to such an email, users are advised to contact their bank immediately.

Context and Company Response

The scam may appear more convincing to users because it coincides with the legitimate notifications Apple sends when iCloud storage is nearing or at capacity. When approached for comment on the matter, Apple directed inquiries to an existing webpage on its site that provides information on avoiding scams targeting accounts and devices.