In recent times, a troubling new scam has been rapidly targeting smartphone users, exploiting their fears and trust to steal personal information and money. Kurt "CyberGuy" Knutsson, a respected tech journalist and cybersecurity expert who regularly appears on Fox & Friends, has sounded the alarm about this disturbing fraud that uses highly convincing fake alerts to deceive victims into handing over their credit card and PayPal details.
The scam centers on fraudulent messages that warn recipients their cloud storage—where they keep precious photos and videos—is full or that their images are at risk of deletion unless they upgrade their storage plan immediately. These alerts arrive via SMS or iMessage and are carefully crafted to look authentic, often mimicking the branding and style of major cloud service providers. They include personalized details such as the recipient’s first name and a seemingly accurate count of photos or videos stored on the device, for example, "1,675 images" or "2,010 snaps," adding a layer of credibility to the scam.
Once a victim clicks the link embedded in the message, they are directed to a counterfeit website that closely resembles a legitimate cloud storage dashboard. The site is polished and professional, featuring familiar fonts, icons, progress bars, countdown timers, and urgent warnings that their files will be lost if they do not pay a small upgrade fee—typically $1.99. This pressure tactic plays on users’ emotional responses, particularly fear and urgency, encouraging them to make a quick decision without verifying the legitimacy of the alert.
However, instead of upgrading storage, victims are actually handing over sensitive payment information directly to the scammers. The fake payment page harvests credit card numbers, PayPal credentials, and other personal data instantly. Cybercriminals then use this information for unauthorized purchases, credential stuffing attacks (where stolen credentials are tested on other platforms), or selling the data on dark web marketplaces. Some victims are even sent bogus receipts to make the fraudulent charges appear legitimate.
Trend Micro, a leading cybersecurity firm, recently uncovered this phishing campaign and revealed a staggering 531% increase in its activity from September to October, highlighting how quickly the scam is spreading across devices and networks. Jon Clay, Trend Micro’s Vice President of Threat Intelligence, emphasized how this scheme preys on emotional manipulation, particularly targeting older adults who might be more vulnerable to such tactics. With the holiday season approaching—a time when many people capture and store countless irreplaceable memories—scammers are exploiting the anxiety around losing these digital treasures.
The scam follows a predictable pattern, which, if understood, can help potential victims recognize red flags and avoid falling prey. It begins with an unsolicited message containing urgent language like "Act now" or "Final warning," designed to panic recipients into clicking the malicious link. The URL often uses a suspicious short domain with a .info extension, a common indicator of fraudulent sites. Once on the fake website, victims see realistic layouts mimicking popular cloud services, complete with progress bars showing “100% full” storage and countdown timers warning that data will disappear imminently. The payment page is equally convincing, further lowering victims’ defenses.
Interestingly, some variations of these scam sites redirect users to legitimate websites after harvesting payment data in an attempt to conceal their fraudulent activity and avoid immediate detection. This tactic complicates efforts to trace and shut down these operations.
To protect against this scam, CyberGuy and security experts recommend several practical steps. First and foremost, never click links in unsolicited messages claiming to be from your cloud storage provider or any service. Instead, open the official cloud storage app or visit the service’s verified website directly to check your account status. Genuine providers rarely send urgent storage alerts via text messages; most notifications appear within the app or through official emails.
Installing a robust antivirus program on all your devices is another crucial defense. Good antivirus software can flag dangerous links before you open them, detect malware, and warn you about phishing attempts. CyberGuy offers annual recommendations for the best antivirus solutions for Windows, Mac, Android, and iOS devices, which are available on his website.
Another effective strategy is to use a reputable data removal service to scrub your personal information from data broker sites. By limiting the amount of your personal data available online, you reduce the chances scammers can craft believable, personalized messages using your information. While no service can guarantee complete removal, these companies actively monitor and remove your data from hundreds of websites, making it significantly harder for cybercriminals to target you.
When you do encounter links, scrutinize them carefully. Legit