Apple users are being targeted by a new and sophisticated scam that could compromise their personal data and financial security. Cybercriminals are sending out convincing, but fake, emails designed to look like official communications from iCloud. These messages, which often warn of a security breach or account suspension, are a deceptive ploy to lure unsuspecting users into clicking dangerous links. While the emails may seem legitimate at first glance, a closer look reveals the subtle red flags that could save you from becoming the next victim. Keep reading to learn how to identify these scams and protect your information from falling into the wrong hands.
The latest iCloud phishing scam
Apple users, beware. A new and highly convincing phishing scam is making the rounds, with fraudsters sending out fake emails that look exactly like official messages from iCloud. These deceptive emails often claim your storage is full and demand an immediate upgrade, a common trick used to get you to click on dangerous links.
This is the third time this year that the consumer group Which? has warned tech users about these fraudulent emails. The messages frequently impersonate Apple’s iCloud service and create a sense of urgency by threatening to suspend your account or delete your files if you don’t act immediately.
Which? is strongly advising all Apple users not to click any links within these emails. The links lead to phony phishing websites designed to steal your personal information, including your name, phone number, email address, and financial details.
What the fake emails say
The scam emails often use similar themes to create a sense of urgency. The most common claims are:
- Full Storage: The email states that the recipient’s iCloud storage is full and they will no longer be able to send or receive messages.
- Expired Payment: The email claims that the user’s payment method has expired and needs to be updated.
These fake emails contain malicious links that promise to “free storage space” or to help you “update your payment method.”
Other versions of the scam uncovered by Which? use more aggressive tactics to scare people into clicking. One version warned customers that they were at risk of losing their “videos, photos and important files.” To prevent this, victims are told they must “upgrade today to keep your precious files and memories safe.”
Another email enticed customers with an 80% discount on a storage plan upgrade, urging them to act “now.” Yet another variation threatened that users would lose access to their account in 48 hours if they didn’t take action.
Additional variations of the scam have been seen, including emails that claim there’s been suspicious activity on an iCloud account that could lead to a suspension.
Tech giants are prime targets for phishing scams
Hackers aren’t just impersonating Apple. According to cybersecurity company Check Point (via the Daily Record), phishing scams that mimic major technology companies were the most frequent type of attack at the beginning of this year. By impersonating these trusted giants, cybercriminals hope to trick users into clicking on malicious links, believing the email is legitimate.
From January to March 2025, Microsoft was the most impersonated company, accounting for a third of all malicious emails. Google was also a common target, appearing in about one in eight phishing attempts, with Apple close behind at just under one in 10.
How to spot a phishing email
Phishing scams rely on deception, but once you know the common warning signs, they’re much easier to spot. Here’s a quick guide on what to look for:
- Check the Sender’s Address: Phishing emails often come from unofficial or strange-looking email addresses. While the sender’s name may say “Apple,” the actual email address might be a jumble of letters and numbers or from a public domain like “@gmail.com.”
- Look for Impersonal Greetings: A legitimate company like Apple will almost always address you by your name. Scam emails often use generic greetings like “Dear Customer” or “Dear Apple User.”
- Inspect the Branding: Be on the lookout for low-resolution, stretched, or pixelated logos and branding. Scammers often don’t have access to high-quality images and may use poorly copied visuals.
- Beware of Urgency: Scammers want you to act without thinking. They’ll use urgent language, threatening that your account will be suspended or that your data will be deleted if you don’t take immediate action. This is a classic tactic to pressure you into clicking a malicious link.
- Don’t Give Up Your Information: Legitimate companies will never ask for your personal or financial information—like your password, social security number, or credit card details—via email. If an email asks for this, it’s a scam.
- Poor Spelling and Grammar: Many phishing emails are written by non-native English speakers or are poorly translated. Be suspicious of emails with frequent typos, grammatical errors, and awkward phrasing.
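Several of the checks above can be automated. The following is an added example, not code from Which? or Apple: it flags the sender, greeting, urgency, information-request and link warning signs in a plain-text message. The trusted-domain list, the phrase lists and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the domains counted as genuine, and the phrase lists.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")
BRAND_WORDS = ("apple", "icloud")
GENERIC_GREETINGS = ("dear customer", "dear apple user")
URGENCY_PHRASES = ("storage is full", "payment method has expired",
                   "upgrade today", "48 hours", "suspen")
CREDENTIAL_ASKS = ("password", "social security", "credit card")

def is_trusted(host):
    host = host.split(":")[0].lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw_email):
    """Return the warning signs found in a single-part plain-text message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload().lower()
    flags = []
    # Display name claims the brand, but the address domain is not the brand's.
    if any(w in name.lower() for w in BRAND_WORDS) and not is_trusted(addr.rpartition("@")[2]):
        flags.append("sender-mismatch")
    if any(g in body for g in GENERIC_GREETINGS):
        flags.append("generic-greeting")
    if any(p in body for p in URGENCY_PHRASES):
        flags.append("urgency")
    if any(c in body for c in CREDENTIAL_ASKS):
        flags.append("asks-for-credentials")
    # Any link whose host is outside the trusted domains.
    hosts = re.findall(r"https?://([^/\s\"'<>]+)", body)
    if any(not is_trusted(h) for h in hosts):
        flags.append("untrusted-link")
    return flags

# Constructed sample messages (not real emails).
PHISH = """\
From: "Apple iCloud" <x7k2q9@gmail.com>
Subject: Your iCloud storage is full

Dear Customer,
Your iCloud storage is full. Upgrade today to keep your precious files and memories safe:
http://icloud-upgrade.example/free-storage
"""
GENUINE = """\
From: Apple <no_reply@email.apple.com>
Subject: Your receipt

Hi Sam, your receipt is available at https://www.apple.com/account
"""

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(GENUINE))
```

The From header can be forged, so a clean result here does not prove a message is genuine; mail providers also rely on SPF, DKIM and DMARC results.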
By staying vigilant and knowing these red flags, you can protect yourself and your information from these deceptive scams.
Sources: Which?, Daily Record