Cloud Storage Full Phishing Scams
Phishing emails and texts claiming your iCloud, Google Drive, or OneDrive storage is full, tricking you into entering credentials on a fake login page or paying for fake storage upgrades.
Last reviewed: 1 June 2026
What this scam is
Cloud storage full phishing scams use emails or text messages that appear to come from Apple, Google, Microsoft, or another cloud storage provider, claiming that your storage quota is almost full or completely exhausted. The message creates urgency — your data is at risk, your backups have stopped, or your account will be limited — and directs you to a link to resolve the situation.
The link leads to one of two outcomes: a fake login page that captures your cloud account credentials when you attempt to sign in, or a fake payment page that collects card details for a storage upgrade that is never applied.
This scam is particularly effective because cloud storage quota alerts are genuine, routine communications from these services. Most users periodically do receive notifications that their storage is filling up, making a fake version of these messages feel completely normal. The branding is easy to replicate accurately, and the call to action — log in or pay — is exactly what a genuine notification would request.
The consequences of credential theft from a cloud account are serious. Cloud accounts contain backups of phones and computers, personal photographs, documents, email archives, and often serve as the recovery account for many other services. Losing access to a cloud account can have cascading effects across many other accounts linked to it.
How it works
A phishing email or SMS arrives claiming to be from Apple, Google, Microsoft, Dropbox, or another cloud provider. The message states that storage is 99% full or completely exhausted and that automatic backups have stopped or will stop. A deadline is mentioned: account features will be restricted in 24 to 48 hours.
A button or link labelled 'Manage Storage', 'Upgrade Now', or 'Sign In to Continue' leads to a page that replicates the cloud provider's login or payment interface. The fake login page captures any credentials entered. The fake payment page collects card details under the guise of purchasing additional storage.
After credential capture, the attacker uses the cloud account to access personal data, look for further account recovery information, and potentially lock the legitimate user out by changing the password and recovery email. The account contents may be used for identity fraud, blackmail (if sensitive photographs are found), or resale.
Some variants do not steal credentials but instead install tracking software when the victim interacts with the message on a mobile device.
Why this scam works
Cloud storage notifications are normal and expected. The message replicates a communication the user has probably received before in a genuine form. The urgency framing — your backups have stopped, your data is at risk — activates a protective instinct that overrides caution.
The login or payment interface is familiar territory. Most users are accustomed to signing into their cloud provider through prompts and have done so many times. The habit of entering credentials in response to a prompt is well-established.
Common red flags
- Storage warning email or SMS you did not expect when your storage is not actually full
- Link in the message leads to a domain that is not the official provider domain
- Urgency language about imminent data loss or account restriction
- Login page design that differs slightly from the genuine sign-in page
- Request for card details to upgrade storage before you have verified storage status
- Email sender address contains variations on the official domain
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your iCloud storage is 99% full. Your photos and backups are at risk. Click to upgrade: [fake link]
Google storage alert: Your Gmail, Drive, and Photos will stop working in 24 hours. Manage storage: [fake link]
OneDrive: Your account storage is full. Files are no longer being backed up. Resolve this now: [fake link]
Apple ID alert: iCloud backup failed — storage full. Sign in to continue your backup plan: [fake link]
Common variations
- Apple ID storage phishing — replicates iCloud and Apple ID storage notification exactly
- Google account storage phishing — targets Google Photos and Drive users
- Microsoft OneDrive phishing — replicates Microsoft storage notification
- Dropbox and third-party cloud variants — less common but targeting business users
- Payment-only variant — bypasses login harvest and goes straight to card collection
How to verify before you act
Do not click any link in an email or text claiming your cloud storage is full. Instead, open your cloud provider's app directly from your phone or computer, or type the provider's domain directly into your browser.
Check your actual storage status within the official app. If storage is genuinely full, you will see this within the app. If it is not, the message was fake.
Verify the sender email address carefully. Phishing emails targeting Apple users often come from domains that closely resemble apple.com but have slight variations. Hover over links before clicking to see the destination URL.
Payment methods used
- Card details on fake upgrade payment page
- Credentials captured on fake login page
Who is usually targeted
- iPhone and iPad users with iCloud accounts
- Android users with Google account storage
- Microsoft 365 subscribers with OneDrive storage
- Anyone who receives genuine storage notifications from their provider
What to do immediately
- Do not click the link — check your actual storage status in the official app instead
- If you entered credentials, change your cloud account password immediately from the official app
- Enable two-factor authentication on your cloud account if not already active
- Review recent sign-in activity in your account's security settings for unrecognised logins
- If you entered card details, contact your card issuer to block the card
- Report the phishing message to your cloud provider's abuse team
How to prevent it
- Never click links in storage warning emails or texts — check the official app instead
- Enable two-factor authentication on all cloud accounts
- Check your actual storage status directly in the provider's app monthly
- Learn to read email sender addresses carefully for near-miss domain spoofing
- If you want to upgrade storage, navigate to the provider's settings directly, not via an email link
Evidence to preserve
- The phishing email or SMS with full headers if possible
- Screenshot of the fake login or payment page
- Any receipts or confirmation emails received from the fake page
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do I check my real iCloud storage?
On iPhone or iPad, go to Settings, tap your name at the top, then tap iCloud. Your storage usage is shown at the top of the page. You can manage or upgrade storage from here without following any email link.
What happens if I entered my Apple ID or Google password on a fake page?
Change your password immediately through the official app or website. Then enable two-factor authentication if it is not already on. Check recent sign-in activity in your account security settings. If you reuse this password elsewhere, change it on those accounts too.