- Fake iCloud removal emails are pressuring Apple users into dangerous clicks
- Bad grammar in iCloud alerts is still a clear sign of fraud
- Clicking on fake iCloud update links can expose banking and personal details
A wave of misleading emails attempts to pressure Apple users into believing their iCloud data is at immediate risk of being deleted, using increasingly aggressive language to force quick reactions.
The messages often claim that a user’s storage limits have been exceeded or that an account has been locked, followed by threats that photos and videos will be permanently deleted by a specific date.
In some cases, recipients receive repeated follow-ups, including what appears to be a final warning that says, “We have tried to contact you several times before… all of your data will be completely deleted.”
Article continues below.
What scam email looks like
Scam warning, UK consumer body Which one? said: “All Apple users should know about this nasty scam going around.”
“These fake, sneaky emails that appear to be from iCloud and threaten you with claims that ‘all your photos will be deleted.'”
One of the scam emails seen by the guardian says: “We have blocked your account! Your photos and videos will be deleted in [date].” It’s titled “iCloud Storage Alert” and goes on to say, “Storage limit reached…your iCloud account has reached its maximum storage capacity.”
Others read: “Your payment method has expired!… Your cloud service has been disabled” or “Your cloud storage renewal payment failed.”
The timing of these emails can make them seem plausible, especially when they arrive alongside legitimate storage notifications.
However, email structure often follows a predictable pattern—an alarming claim, a deadline, and a call to action—all designed to evade scrutiny.
It typically includes a button or link that claims to offer a simple “refresh” to address the situation, but redirects users to fraudulent pages.
These pages are designed to extract sensitive data and users can unknowingly hand over personal and banking information, which can then be used for unauthorized transactions or identity theft and distributed through illicit channels.
The initial interaction may seem harmless, but it opens avenues for additional security risks, particularly if users reuse passwords across multiple accounts.
Despite the convincing tone of the message, these phishing emails often contain inconsistencies that reveal their origin; For example, the sender address often includes unusual domains that do not align with Apple’s infrastructure, and some reference unrelated regions or obscure domain extensions.
Grammar issues remain another persistent flaw, with phrases like “Your account may expire today” indicating a lack of authenticity.
The presence of familiar branding and interface design on phishing pages can delay suspicion, making it more difficult for users to recognize the hoax until information has already been sent.
While a good antivirus program could help in this situation, avoiding interaction with suspicious emails is still the most effective response – a single click can increase risk levels.
Users are also advised to check storage status directly through device settings instead of relying on email prompts.
Reporting these emails helps limit their spread, while maintaining up-to-date security practices, including a properly configured firewall, reduces the likelihood of further system compromise.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
