It’s always been important to be vigilant when you use your Mac and watch out for possible scams. However, it seems that scammers are becoming ever more creative in the ways that they try to make you click a malicious link. One recent version of a phishing attack is the iCloud storage scam. In this article, we’ll explain what the iCloud storage scam is, how to avoid it, and what happens if you click a link in an email sent by a scammer.
What is the iCloud storage scam?
First spotted in late 2023, the iCloud storage scam is a phishing email which claims that your iCloud storage is nearly full and that by clicking a link in the email, you can get a great deal on a higher storage tier or even get more storage for free. The email doesn’t come from Apple and is designed to get you to click a malicious link.
What happens if I click the link?
The first thing that happens is that the link redirects multiple times. The final destination could be anything from an innocuous website to a page designed to look like an Apple ID login. That would then ask you to supply personal details, possibly including payment information, in order to steal money from you. It’s also possible the link could land on a web page that downloads malware to your Mac, such as adware, a browser hijacker, or a cryptocurrency miner. The scammers can change the destination at will just by modifying an entry in a database.
Does Apple send emails about iCloud storage limits?
Usually, Apple doesn’t reach out about your current use of iCloud storage. Most communication happens on the device, trying to get your attention through system settings.
If you receive an email, a text message, or a phone call and you’re not sure if it’s real, don’t act on it. Open Settings > Apple Account > iCloud and check the real state of your subscription.
The bottom line is that Apple will never ask you to provide your Social Security Number, credit card numbers, or mother’s maiden name. If you receive such a request, report emails to [email protected] and phone calls to [email protected].
Common iCloud scam types and examples
To fight off iCloud scams, you must be good at recognizing them. After all, the devil you know is better than the devil you don’t. Here’s the list of the most common ways scammers use iCloud to create urgency and make you download malware or give away your personal information.
iCloud storage scam emails
“Your iCloud storage is full,” says the email. It warns that you can no longer use your iCloud account and suggests upgrading your plan to get more storage. Some even threaten to start removing your photos unless you upgrade. Others offer you free gigabytes.
iCloud storage scams use both a carrot and a stick: they might try to scare you into clicking a link or get you excited about an offer that’s really too good to be true. Always stay vigilant, and check your iCloud directly on your device instead.
iCloud payment scams
This most often comes in the form of an iCloud scam email. It claims that your payment method has either expired or been declined, so you had better update your payment information. A threat to disable, block, or completely remove your iCloud account for not following the instructions makes these emails even more manipulative. Naturally, this is just a way to phish for your banking details and use them to steal your money.
Support phone call scams
Scammers might even call you and pose as Apple support representatives. They’ll claim that there’s suspicious activity on your account or device to get your attention. The goal is to trick you into giving away personal information, money, or even Apple gift cards. It’s best to simply hang up.
“Your iCloud is locked” scam
These emails create a sense of urgency by claiming your iCloud account will be disabled within a day or two. They might try to frighten you by saying you’ve violated security policies and now all your photos, files, and conversations will be wiped from your iCloud.
Don’t buy into this nonsense. Check the sender’s email: does it end with @apple.com? Hover over the link or button they want you to click: does it lead to Apple's website? Finally, check notifications on your device: you should be able to see the same type of message in your settings. If not, consider this just another iCloud spam email.
How to avoid the scam?
The golden rule is that you should never click a link in an email or message unless you are absolutely certain it’s safe and where it leads. Also, take some time to improve your privacy.
How do I know if an iCloud email is a scam?
There are a few things you can do to check whether an email you have received is an iCloud storage scam.
- Check the sender. In Apple Mail, hover over the sender with the mouse pointer and click the down arrow to reveal the sender’s email address. If the address doesn’t end in ‘apple.com’, it’s a scam. No one other than Apple would send you an email about your iCloud storage because no one other than Apple knows whether it’s nearly full.
- If you can’t do that, look at the wording of the email. Does it read like a professional email from a company like Apple? Usually, despite scammers’ best attempts and increasing skill, there are giveaways in the grammar or spelling or in the way the email is designed.
- How does the email address you? Does it use your name, or is it a generic ‘Dear Sir/Madam’ or something like that? Apple knows your name. If it was sending you an email, it would use it.
- Check your iCloud storage. Go to System Settings > your Apple ID > iCloud. Is the storage indicator at the top of the window nearly full? No? Then it’s definitely a scam. Yes? It’s still more than likely to be a scam. Apple doesn’t need to email you to upsell iCloud storage; it will just alert you in System Settings.
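The sender and link checks above can be run over a message's raw source. The following is an added example, not part of the original article: the sample message and its `.example` hostnames are constructed, and the function names are hypothetical. It matches on a domain boundary, so a host that merely contains or ends with the letters "apple.com" does not pass.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # the domain the article tells you to look for

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate every text/* part of the message, decoded to str."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def check_message(raw_source):
    """Apply the sender check and the 'where does the link lead' check."""
    msg = message_from_string(raw_source)
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    urls = re.findall(r"https?://[^\s\"'<>]+", body_text(msg))
    hosts = {urlsplit(u).hostname for u in urls}
    off_domain = sorted(h for h in hosts if h and not in_domain(h))
    return {"sender": addr,
            "sender_ok": in_domain(sender_host),
            "off_domain_links": off_domain}

# Constructed sample: "apple.com" appears in the host, but the registered
# domain is storage-offer.example.
SAMPLE = """\
From: Apple iCloud <promo@apple.com.storage-offer.example>
To: you@mail.example
Subject: Your iCloud storage is full

Your iCloud storage is full. Get 50 GB free:
https://apple.com.storage-offer.example/upgrade?id=1
Terms: https://www.apple.com/legal/
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A failed check is a strong sign of a scam, but a passing sender check is not proof of authenticity, because the From header can be forged.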
How to report an iCloud storage scam
If you suspect that an email is a scam, you should report it immediately to Apple. Here’s how to do it:
- Select the message in Mail.
- Click the View menu, then Message > Raw Source.
- A window will open with the text of the raw source.
- Click the File menu and choose Save As; save it somewhere like your desktop or documents folder.
- Compose a new email explaining what has happened and attach the text file of the raw source.
- Address the email to [email protected] and send it.
- Mark the original email as spam.
How to remove malware on your Mac
If you are worried that you have already clicked a link in a scam email (perhaps because you’ve noticed unusual behavior on your Mac) and downloaded malware as a result, you should use specialist software to check. You can’t check for malware yourself because you don’t know what to look for. Specialist tools search your Mac for files and compare what they find with a database of known malware.
We recommend Moonlock. It starts looking for malware the moment you install it and blocks everything it finds on the surface without you lifting a finger. Just make sure that real-time protection is on.
If you’d like to check deep corners of the system or look among long-untouched files, use Moonlock’s Malware Scanner feature. It allows you to choose between a deep scan, which will search every file and folder to hunt down malware, a quick scan that prioritizes speed over the depth of the scan, and balanced, which, as its name suggests, is a balance of the two.
You can also schedule automatic scans so you don’t have to burden yourself with reminders to scan regularly; Moonlock will take care of that for you.
- Sign up for a free 7-day trial
- Open Moonlock and choose Malware Scanner in the sidebar.
- Click Scan to begin a scan.
- If Moonlock finds anything, it will guide you through the encounter with malware. You’ll get to know what type of malware was caught, what happened to it when it was detected, and what to do with it next. You’ll be informed on each step of the process.
As you can see, iCloud storage scams are another form of phishing emails, similar to most other phishing scams. Despite what they promise, they can’t offer free iCloud storage or a discount on your subscription. Follow the steps above to avoid them and keep your Mac safe.