Fake Cloud Storage Alerts
'Your storage is full' or 'shared file' messages that phish your cloud or email login.
Last reviewed: 1 June 2026
What this scam is
Fake cloud storage alerts impersonate email or file-storage providers, warning that your storage is full, a payment failed, or someone shared a file. The goal is to phish your login and take over the account.
How it works
A convincing email or notification links to a fake login page. Capturing your cloud or email password gives attackers access to documents, contacts, and password resets for your other accounts.
Common red flags
- Urgent storage/billing alerts with a login link
- 'Shared document' from an unknown sender
- Login page on a non-official domain
- Requests for your password or 2FA code
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your cloud storage is full and emails are being blocked. Verify your account now: [fake link].
Payment methods used
- Account takeover
- Downstream fraud
Who is usually targeted
- Email/cloud users
- Professionals
What to do immediately
- Don't click; check storage by logging in directly via the official app/site
- Never enter your password on a page reached from an emailed link
- Enable strong 2FA; change your password if exposed
Evidence to preserve
- The message and link
- Sender details
- Screenshots
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Why are cloud and email accounts such valuable targets?
Your email is the recovery point for most other accounts. If attackers control it, they can reset passwords elsewhere. Protect it with a strong unique password and app-based 2FA.