apple products on grey couch how to spot an icloud scam

Received a Notification About Your iCloud Storage? What to Know About the Latest iCloud Scam

By Dan Ketchum

Here’s the good news: while they’re not completely immune, iPhones are generally safer than other devices when it comes to viruses and malware, thanks to Apple’s “walled garden” approach. Because all iOS App Store products are vetted by Apple and iPhone software can only be downloaded from said App Store, malware on iPhones is rare.

The bad news? Scammers are inventive. While the latest iCloud scams don’t directly attack iOS devices with viruses or malware, they do specifically target Apple iCloud users. Here’s what to know and how to protect yourself from iCloud scam emails.  

What is iCloud? 

First, a refresher – because we don’t blame you if you can’t keep track of every little feature on your iPhone. iCloud, as the name implies, is Apple’s own cloud storage solution, where “cloud storage” is a remote form of storage. That means that it stores data on a remote server, and you can access that data locally from online devices, like your iPhone. iCloud is built into Apple’s devices, from iPhones to iPads, and is primarily used as a tool for remotely backing up data like files, photos, and passwords. When you sign into your Apple Account on a new device, you can choose which apps you want to use with iCloud. 

iCloud scam emails first started popping up en masse around late 2023. Scammers particularly love this one, as iOS has that aforementioned reputation for security. These sneaky little scammers very intentionally leverage that sense of security to exploit iPhone users’ trust in the iCloud brand.

iCloud Storage Scams 

Here’s how the most basic (and most popular) version of the iCloud scam works – they’re usually iCloud storage scams, scaring you into believing that your iCloud storage is full. Typically, you’ll get an email with a panic-inducing subject line, like “LAST ALERT: ALL YOUR PHOTOS WILL BE DELETED!” The contents of the email contain official-looking info like a subscription ID, order details, or expiration date, and usually tell you that you need to update your payment information, otherwise you won’t be able to back up your files, and everything you have on iCloud will be deleted.

This is meant to scare you into clicking the included link to pay, or otherwise “fix” the situation, which is why Apple itself dubs this a “social engineering scheme.” If you do click, a number of things can happen, none of which are good. It may prompt you to make a payment, which of course goes right to the scammers (who’ll now have your payment info, too) rather than Apple. It may also prompt you to “fill out a survey” or otherwise enter your private information – this is a phishing scam, meaning that bad actors are “fishing” for that valuable info, which they can then use to commit identity theft and financial fraud. 

apple macbook glowing in dark

iCloud Scam Variations

Most iCloud scam emails are iCloud storage scams, but not all of them. They all have the same goals – to take your money directly or phish you for valuable private information – but they sometimes use different tactics to get there.

  • Some emails will tell you that there’s an issue with a different Apple service, such as the App Store, FaceTime, Apple Music, or your Apple Pay account. In any case, clicking the link to address the phony situation is bad news (oftentimes, these types of phishing emails are after your Apple ID)
  • A similar scam can happen by phone. In this case, grifters call from what appears to be a legit Apple support number, claiming that your iCloud or other Apple service account has been compromised. They’ll ask (or an automated voice will ask) for your private information to “fix” that, of course
  • In another version, a call or email will prompt you to reset your Apple ID password. You’ll need to enter your current password to do that – and, bingo, now scammers have your Apple ID login info
  • Other variations claim that your Apple ID or iPhone has been locked. Spoilers: the only way to unlock your account or device is to share your private information…with someone who is definitely not Apple

iCloud Scam Safety

No matter which variety of iCloud scam email you receive, they share plenty of telltale red flags in common. Keep your private information safe by keeping these iCloud scam safety tips in mind: 

  • Check the email address “@icloud.com“@icloud.com.” Consider any other email address contacting you about your iCloud dubious
  • Never click on links unless you know for certain you can trust the source
  • Use trusted antivirus and anti-malware software on your desktop devices, which will assist you in flagging potentially harmful sites and links
  • Enable two-factor authentication for your Apple Account for additional safety. Follow these instructions straight from Apple
  • Never use Apple Gift Cards to make payments to individuals (scammers love accepting gift card payments, as they’re nigh impossible to trace)
  • Contact Apple Support directly when you have an issue, rather than accepting calls from “support” emails or numbers that may or may not be legit
  • If you get contacted by a person, email address, or phone number that makes you raise your eyebrow, run a quick PeopleWin Free People Search using whatever contact info you have to find out if they truly are who they claim to be
apple laptop, apple watch, and iPhone on table

Frequently Asked Questions

Whether you’ve been affected by iCloud storage scams or you’re just curious about them, you’re not alone. Here are some of the most frequently searched questions about iCloud scams:

How do I know if an email from iCloud is legitimate? 

Check the domain name first. Legitimate Apple emails come from domains like “@apple.com” or “@email.apple.com.” Look for nonsense or garbled domain names, spelling errors, or dead giveaways like an “@gmail.com” address claiming to be Apple Support. 

Does Apple send emails about iCloud? 

In some cases, yes. To know the difference, check those domain names, as mentioned above. And know that the real Apple Support will never ask for your private information via email. If you have any doubts, contact Apple support directly. 

What does a fake Apple security alert look like? 

Sometimes, it’s tough – sophisticated scams can use very official-looking branding. Less polished scams often use amateurish-looking fonts or graphics and feature typos, bad spelling, poor grammar, or punctuation errors. Tactics to elicit fear or a sense of urgency are big red flags, as is a lack of personalization (a real Apple email will address you by the name on the associated account). Likewise, a pop-up ad or an unsolicited phone call from “Apple” is always fake. 

It never hurts to stay up on scams, either. Whether on your phone, in your inbox, or on the cloud, consider the PeopleWin Blog your North Star for avoiding scams as you navigate an increasingly tricky online landscape.

Dan is a Dallas-based freelance writer, small business owner and consultant. He’s been fortunate enough to collaborate with brands like Microsoft, Sony, The Seattle Times, The Motley Fool, USA Today and more in his 15 years of experience