CONSENSUS WIRE
← Back to Crime & Security

Scammers Launch Global iCloud Phishing Campaign Targeting Storage Alerts

Crime & SecurityAI-Generated & Algorithmically Scored·

AI-generated from multiple sources. Verify before acting on this reporting.

LONDON (AP) — A new phishing campaign targeting iCloud users is sweeping across multiple countries, exploiting fears of data loss to steal personal and financial information. The scam, identified on April 16, 2026, uses deceptive emails mimicking official Apple notifications to trick recipients into visiting fraudulent websites.

The fraudulent messages warn recipients that their iCloud storage is full and that files will be deleted unless immediate action is taken. The emails, which appear in both English and Spanish, direct users to counterfeit login pages designed to capture credentials and payment details. Once users enter their information, the scammers gain access to sensitive data, potentially leading to identity theft and financial fraud.

Security experts have flagged the campaign as a sophisticated attempt to capitalize on user anxiety regarding cloud storage limits. Unlike previous phishing attempts that often contained grammatical errors or suspicious sender addresses, this campaign features polished design elements that closely resemble legitimate Apple communications. The urgency conveyed in the messages is intended to bypass critical thinking and prompt immediate user action.

The campaign has been detected globally, with reports emerging from North America, Europe, and Latin America. Victims are urged to verify any storage alerts directly through the official iCloud website or mobile app rather than clicking links in unsolicited emails. Apple has not issued a specific statement regarding this campaign, though the company routinely advises users to be vigilant against phishing attempts.

The phishing sites used in the campaign are hosted on domains that mimic Apple's official web addresses, making them difficult to distinguish at first glance. Users who have already entered information on these sites are advised to change their passwords immediately and monitor their financial accounts for unauthorized transactions. Banks and credit card companies recommend reporting any suspicious activity to prevent further damage.

Cybersecurity firms are tracking the spread of the campaign and working to take down the fraudulent websites. However, the operators frequently change the domain names, allowing them to continue the scam even after some sites are shut down. The use of multiple languages suggests the scammers are targeting a broad international audience.

As of now, the extent of the damage remains unclear. Authorities have not released figures on the number of victims or the total amount of money stolen. The campaign highlights the ongoing challenge of protecting users from increasingly convincing digital threats. With cloud storage becoming integral to daily life, such scams pose a significant risk to personal security.

Investigators are still determining the origin of the phishing emails and the identity of the group behind the operation. The sophistication of the campaign raises questions about the resources and technical capabilities of the perpetrators. Until the source is identified, users worldwide remain vulnerable to similar attacks.