Cloud Storage Subscription Scam Campaign Targets Global Users
A large-scale cloud storage subscription scam campaign is actively targeting users worldwide through persistent, repeated emails. This sophisticated operation falsely informs recipients that their valuable photos, files, and accounts are at imminent risk of being blocked or deleted due to alleged payment failures. The campaign has intensified significantly in recent months, with many individuals reporting receiving multiple scam versions daily.
Campaign Overview
The phishing emails originate from a diverse array of domains, many of which appear to be randomly generated specifically for this campaign. Subject lines are highly varied, often personalized with the recipient's name or email address, and frequently incorporate specific dates or identifiers to create a strong sense of urgency. Common subject line themes include warnings about immediate action required, payment declines, blocked accounts, and full storage.
Messages typically claim that a cloud subscription renewal has failed or that a payment method has expired. They ominously warn recipients that data backups may cease syncing, potentially leading to the irreversible loss of photos, videos, documents, and device backups if the supposed issue remains unresolved. To enhance their facade of legitimacy, the emails often incorporate fabricated account IDs, subscription numbers, and expiration dates.
Phishing Mechanism
The initial spam emails contain embedded links that primarily lead to https://storage.googleapis.com/, which is part of Google Cloud Storage. Threat actors exploit this legitimate platform to host static redirector HTML files. Upon clicking these links, unsuspecting users are subsequently redirected to scam or phishing sites hosted on various random domains.
These deceptive phishing pages are meticulously designed to imitate legitimate cloud service portals, frequently featuring cloud-themed branding, including the recognizable Google Cloud logo. The sites falsely assert that the user's cloud storage is full, claiming that documents, contacts, device data, photos, and videos are no longer being backed up and are subject to imminent deletion.
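A mail-triage sketch for the pattern described above, added here as an example and not taken from the original article: it flags a message only when a subject-line theme from the campaign overview coincides with a link whose host is storage.googleapis.com. The function name `triage`, the regexes, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Subject themes named in the article; the regexes themselves are assumptions.
THEMES = {
    "action_required": r"action\s+required",
    "payment_declined": r"payment\s+(declined|failed)|renewal\s+failed",
    "account_blocked": r"account\s+(is\s+|has\s+been\s+)?blocked",
    "storage_full": r"storage\s+(is\s+)?full",
}
GCS_HOST = "storage.googleapis.com"  # redirector host named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message):
    """Return campaign indicators for one RFC 5322 message (str)."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    themes = sorted(k for k, rx in THEMES.items() if re.search(rx, subject, re.I))
    gcs_links = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        for url in URL_RE.findall(part.get_content()):
            try:  # urlsplit resolves userinfo tricks such as host@other.example
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:  # malformed URL text in the body
                continue
            if host == GCS_HOST:
                gcs_links.append(url)
    rcpts = msg["To"].addresses if msg["To"] else ()
    personalized = any(a.addr_spec.lower() in subject.lower() for a in rcpts)
    return {
        "themes": themes,
        "gcs_links": gcs_links,
        "personalized_subject": personalized,
        # A storage.googleapis.com link alone is common in legitimate mail.
        "suspicious": bool(themes) and bool(gcs_links),
    }

# Constructed sample message; addresses, bucket and IDs are placeholders.
SAMPLE = """\
From: Cloud Billing <notice@billing-alerts.example>
To: alice@example.org
Subject: alice@example.org - Payment declined, your storage is full (ID 48213)
Content-Type: text/html; charset=utf-8

<p>Your cloud subscription renewal has failed.</p>
<a href="https://storage.googleapis.com/placeholder-bucket/renew.html">Fix</a>
"""
```

Calling `triage(SAMPLE)` returns the matched themes, the bucket links, and the verdict; treat a hit as a reason to hold the message for review, since the sender domains and final landing domains rotate and are not matched here.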
Deceptive Practices
Clicking a "Continue" button on these phishing pages initiates a simulated storage scan, which invariably "reports" that Photos, Cloud Drive, and Mail services are at full capacity. The pages then present an urgent warning that data will be lost unless the cloud storage is upgraded. This warning is often accompanied by a promotional offer for a limited-time "loyalty" upgrade at an 80% discount.
However, selecting this "upgrade" option does not lead to a cloud storage upgrade. Instead, users are redirected to affiliate marketing pages that promote entirely unrelated products, such as VPN services or lesser-known security software. These ultimate landing pages are strategically designed to collect users' credit card details, thereby generating affiliate revenue for the individuals operating the scam.
Recommendations for Users
It is crucial for users to recognize that these emails and landing pages are not legitimate communications from genuine cloud service providers.
Reputable cloud providers typically do not send emails that direct users to storage scans or third-party products to resolve billing issues.
Furthermore, legitimate cloud storage providers generally respond to a payment failure by blocking access to additional storage, rather than immediately deleting files. For instance, Google explicitly states that files will only be deleted two years after a plan is canceled, while Microsoft OneDrive may delete files after six months if an account consistently exceeds its allocated storage.
Users who receive these spam messages are strongly advised to:
- Delete them without clicking any links.
- Refrain from purchasing any products promoted through these fraudulent emails.
For any genuine concerns regarding cloud storage or billing, users should manually visit the official website or app of their legitimate cloud service provider. Do not rely on links provided in suspicious emails.