In recent weeks, a troubling new scam has been rapidly spreading across smartphones, catching thousands of unsuspecting victims off guard. Kurt “CyberGuy” Knutsson, a well-known tech journalist and security expert, recently appeared on Fox & Friends to shed light on this disturbing scheme, warning viewers to stay alert. The scam involves criminals sending fraudulent messages that mimic alerts from popular cloud storage services, claiming that the victim’s photos and videos are in danger of being deleted unless they immediately pay a small upgrade fee. These messages are alarmingly convincing and designed to trick people into handing over their payment information, potentially leading to identity theft and financial loss.
Researchers at cybersecurity firm Trend Micro have been closely monitoring this phishing campaign and report a staggering 531% increase in activity from September to October alone. This surge highlights how quickly the scam is gaining momentum and how effective it is at exploiting victims’ fears. The scam typically begins with a personalized SMS or iMessage, which includes the recipient’s first name and an apparently accurate count of their photos or videos—such as “1,675 images” or “2,010 snaps.” The message warns that the victim’s cloud storage is full and their precious memories are at risk of being deleted unless they act immediately. To create a sense of urgency, the texts often contain phrases like “Final warning” or “Act now,” along with a shortened link leading to a malicious website.
Upon clicking the link, victims are taken to a highly polished fake website that closely mimics the look and feel of legitimate cloud storage dashboards. The site uses familiar fonts, icons, and layouts, as well as progress bars and countdown timers to create the illusion that the user’s storage is completely full and that their data will vanish imminently. The website urges the user to pay a small upgrade fee—commonly $1.99—to prevent the deletion of their files. However, entering credit card or PayPal details on this fake payment page only serves to hand over sensitive financial information directly to the scammers. These criminals then exploit the stolen credentials for unauthorized purchases, credential stuffing attacks, or resale on dark web marketplaces. To further cover their tracks, some scam sites even redirect victims to legitimate webpages after the theft has occurred, making it harder to detect the fraud.
Jon Clay, Vice President of Threat Intelligence at Trend Micro, emphasized the emotional manipulation at the heart of this scam. He explained that cybercriminals are expertly preying on fear and urgency, especially targeting older adults who may be more anxious about losing irreplaceable photos and less familiar with digital scams. The timing of the scam is also strategic, as it coincides with a period when many people are taking and storing numerous photos—such as during holidays or family gatherings—making the threat feel more immediate and real. Clay advises consumers to remain cautious of unsolicited messages and to always verify any alerts directly through official apps or websites rather than clicking on links embedded in texts.
Trend Micro’s detailed analysis reveals a predictable pattern in how this scam unfolds, offering several key red flags for potential victims. First, the unsolicited message will appear personalized but comes from a suspicious, shortened URL often ending in unusual domains like “.info.” Second, the fake cloud storage website, while visually convincing, will prompt immediate payment to avoid data loss—a tactic rarely used by genuine cloud services, which normally notify users through their official apps or emails. Third, the scammers pressure victims with countdown timers and progress bars to rush them into making quick decisions without thinking. Finally, after payment information is submitted, victims may receive fake receipts to lend credibility to the fraudulent charge.
To protect yourself from falling victim to this scam, cybersecurity experts recommend several practical steps. First and foremost, avoid clicking on links in unsolicited texts or emails that warn of urgent problems with your cloud storage. Instead, open your cloud storage app or visit the provider’s official website directly to check for any legitimate alerts. This simple verification can prevent unnecessary panic and protect you from malicious sites. Second, consider installing robust antivirus software on all your devices. Quality security programs can detect and block dangerous links, phishing attempts, and malware before they can do harm. Kurt Knutsson regularly updates his recommendations for the best antivirus protection available for Windows, Mac, Android, and iOS devices at Cyberguy.com.
Another effective precaution is to use a reputable data removal service. These companies actively monitor and scrub your personal information from hundreds of websites and data broker platforms, making it harder for scammers to craft personalized messages that