- Fake iCloud deletion emails pressure Apple users into dangerous clicks
- Poor grammar in iCloud alerts remains a clear sign of fraud
- Clicking fake iCloud upgrade links can reveal banking and personal data
A wave of misleading emails is trying to trick Apple users into believing their iCloud data is at immediate risk of deletion, using increasingly aggressive language to force swift responses.
The messages often claim that a user’s storage limits have been exceeded or that an account has been blocked, followed by threats that photos and videos will be permanently deleted on a certain date.
In some cases, recipients receive repeated follow-ups, including what appears to be a final warning saying, “We’ve tried to contact you several times before… all your data will be completely deleted.”
The article continues below
This is what the scam email looks like
Scam warning, UK consumer organization Which one? said: “Every Apple user needs to know about this nasty scam doing the rounds.”
“These sneaky fake emails that look like they’re from iCloud and threaten you with claims that ‘all your photos will be deleted’.”
One of the scam emails that have been seen The Guardian says: “We have blocked your account! Your photos and videos will be deleted on [date].” It is titled “iCloud Storage Alert” and goes on to say, “The storage limit has been reached… your iCloud account has reached its maximum storage capacity.”
Others read: “Your payment method has expired!… Your cloud service has been disabled” or “Payment failed for the renewal of your Cloud storage space.”
The timing of these emails can make them seem plausible, especially when they arrive alongside legitimate stock announcements.
However, the email structure typically follows a predictable pattern—an alarming claim, a deadline, and a call to action—all designed to bypass scrutiny.
It usually includes a button or link that claims to offer an easy “update” to address the situation, but redirects users to fraudulent pages.
These sites are designed to extract sensitive data and users may unknowingly provide personal and banking information, which can then be used for unauthorized transactions or identity theft and distributed through illegal channels.
The initial interaction may seem innocuous, but it opens up avenues for further security risks, especially if users reuse passwords across multiple accounts.
Despite the persuasive tone of the message, these phishing emails often contain discrepancies that reveal their origin – for example, the sender address often includes unusual domains that don’t match Apple’s infrastructure, with some referring to unrelated regions or obscure domain extensions.
Grammar issues are still another persistent bug, with phrases like “Your account may expire today” indicating a lack of authenticity.
The presence of familiar branding and interface design on phishing sites can delay suspicion, making it harder for users to recognize the deception before information has already been submitted.
Although a good anti-virus program can help in this situation, avoiding interaction with suspicious emails is still the most effective answer – a single click can escalate the level of risk.
Users are also advised to confirm stock status directly through device settings rather than relying on email prompts.
Reporting such emails helps limit their spread, while maintaining up-to-date security practices, including a properly configured firewall, reduces the likelihood of wider system compromise.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
