A warning has been issued to iPhone users about a new email scam designed to steal banking details and personal information. Victims report receiving messages claiming their iCloud storage is full, urging them to upgrade their accounts immediately to avoid losing photos, videos, and access to certain apps. The US Federal Trade Commission has issued a warning about the scam, advising users to contact Apple if they receive one of these emails rather than clicking any links that are likely to take users to fraudulent websites. PayPal users have also been warned about a sophisticated scam on the platform that's easy to fall for.
The iCloud scam involves emails that include a button to enable the upgrade, but this takes users to a malicious website designed to steal sensitive information. One victim shared their experience on Reddit, showing their inbox packed with emails with the subject 'Your iCloud storage is full' and text saying: 'Your iCloud storage is full. You have exceeded your storage plan, and this means that your documents, contacts and device data are no longer being backed up to iCloud.' The message also includes a button to upgrade to a larger iCloud plan and, to make it appear even more official, it is signed by 'The iCloud Team.' Some emails posted by victims appeared more threatening, warning them that their iCloud account would be closed within 48 hours if they did not act immediately.
One glaring red flag in this message is the email address, as it was sent from 'noreply@email.apple.com.' Common legitimate addresses from the tech giant include no_reply@email.apple.com, noreply@apple.com and noreply@insideicloud.icloud.com. The Guardian received an email from one victim that stated: 'We have tried to contact you several times before, but we have not received any response. If you have not resolved your issue today, all your data will be completely deleted on [date], including your photos and videos.'
If users provide their bank details or make a payment, scammers can use the information to steal additional funds or sell the data to other criminals on the dark web.
Which?, a leading consumer champion, is calling on Britons to be vigilant about the '1p' deposit scam, which begins with fraudsters posing as businesses and sending the tiny amount to your account. They have been known to do this by hacking an existing business or inventing a fake one. When deposits are made, PayPal sends a genuine payment message in an email flagging the transaction. The scammer includes a note telling the victim that they received it because their account 'processed a payout by small deposit confirmation'.
This suggests that further funds will be sent and that the nominal fee was sent simply to confirm your account is active. Included in the note is official-looking guidance to call the provided number if you didn't authorise the payment to 'immediately secure your account and request a refund.' But if you call the number, you'll be put through to someone involved in the fraudulent operation, who will then try and dupe you into providing personal and financial information they can use to steal from you.
Every Apple user needs to know about this nasty scam doing the rounds.
If you're targeted, don't reply to the email or call, and immediately update your password to something strong and enable two-factor authentication if you can, the website says. If you've been targeted, you may already have personal information online, and reinforcing security will help prevent cybercriminals from hacking into your account. The scam can come in various forms, with scam artists constantly coming up with new ways to try and bypass developing security measures. PayPal told the website it was aware of the scam and that the phone number isn't associated with the company.
The scam takes the form of fake Apple Pay ‘fraud alerts’, which victims are receiving via text message, claiming that a fraudulent transaction was made via their account, requiring immediate action. The message often claims the person’s money is about to be compromised, urging them to quickly move funds to a ‘safe account’. Alternatively, victims can be asked to withdraw cash, or send money through Apple Pay or in the form of gift vouchers. And the text is made worryingly plausible by the use of stolen personal details.
Consumer advocacy organisation Consumer Affairs has shared details of the threat, explaining that it relies on social engineering rather than breaking into computer systems. That number connected her to a scammer posing as an investigator, with the victim coming perilously close to losing $15,000 (£11,100) before a bank worker intervened. The organisation has warned that the scam is designed to trick people into authorising a payment themselves, making it very difficult to recover the money once it has been sent.
Consumer Affairs has urged iPhone users to be wary of unusual messages from Apple Pay, as well as requests to call a certain phone number or to act straight away to deal with the alleged problem. They also warned against clicking on any of the links or calling any numbers contained within the message. The main advice is to slow down and not act with urgency, in spite of what the message says. Instead, check your Apple Pay activity directly on your device, and contact Apple or your bank directly, using their official phone number, to confirm that the message is not genuine. Apple has also said that if you ever receive a suspicious text of this nature you should take a screenshot and email it to reportphishing@apple.com.
And it’s worth remembering that Apple, along with other tech firms such as Microsoft or Google, will never contact you asking you to call a number or link to a specific website. Likewise, your bank will never ask for your password or PIN in full over the phone.
EE users are being urged to watch out for a worrying text message scam. According to cybersecurity experts at Bitdefender, EE customers seem to be receiving urgent messages claiming they are about to lose thousands of EE reward points unless they act immediately. Cybercriminals seem to be impersonating the hugely popular EE network to lure people into clicking malicious links that redirect to fake websites. These fake sites are designed to steal login details, which can then be used to make the crooks money.
If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, just hang up.
The urgency is the key to this scam's success, with thieves hoping users won't think before acting. This type of scam has targeted EE customers before and isn't actually new. Back in January this year, users reported receiving convincing fake messages about reward points.
EE has since reiterated that it does not operate a points programme. The company has published examples of scam messages, such as: “The EE points program reminds you: As a valued user, we are giving you free points which will expire in three working days. Click the link below to redeem your prizes in time!” EE’s latest advice is clear: never click unknown links in text messages, do not reply to suspicious messages, do not call the number that sent the message, and never share personal or financial details.
Fake text messages have been sent claiming to be from EE and Vodafone, promising prizes from their rewards schemes. Vodafone has the VeryMe Rewards scheme but never refers to it as the 'Vodafone Rewards Club', which is used in some scam texts. The scam messages are sent via RCS, a more advanced type of messaging than SMS, and EE is unable to block them (unlike SMS). EE is working with Apple and Google on the problem of RCS scam messages. Vodafone customers are mostly not receiving the scam texts because RCS is not enabled by the carrier on iPhones, but people on other networks are receiving them.
One scam text claims to be from Vodafone, stating the recipient holds 12,739 points with 12,000 expiring in 3 days under the 2026 programme. EE users who clicked on the scam link were taken to a site that appeared legitimate, offered prizes, and asked for bank details, then refreshed to a blank page with a spinning icon. The scam applies urgency by saying there are only a few days to take advantage of the offer, a common tactic to force people into decisions.
Scam messages are spreading in the name of telecom operator Elisa. The message title tells about an important message and the content directs to redeeming a loyalty customer gift, with the link directing to a phishing site, the telecom operator warns. Elisa advises to be critical of links arriving via email, noting that login credentials should not be given under any circumstances to sites opened via links as scam sites can look very genuine. The operator recommends changing the password immediately if suspecting having given login credentials to the wrong hands, and if having handed over bank credentials or payment card details, Elisa advises contacting one's own bank and making a crime report if necessary. Recently, Finns have been sent especially Suomi.fi, Tax Administration, and Kela-themed scam messages, but also in the names of Spotify, Netflix, OmaPosti, and Aktia.
EE advises recipients to highlight the scam by pressing the 'report spam' button. If you shared security details with a scammer, take immediate action to protect bank accounts, mobile phone account, and other accounts. If you shared Vodafone account details, immediately contact Vodafone to update them. Forward suspicious emails claiming to be from Vodafone to a specified email for investigation.
Anti-phishing software is included in most anti-malware packages and should be kept up-to-date, but it can't always provide 100% protection. Get antivirus apps from legitimate app stores like The App Store (Apple) or Google Play App Store. To stay secure, never click unknown links in text messages, do not reply, do not call the number from the message, and never share personal or financial information. EE does not offer an EE points program for exchanging points for rewards; instead, it has partnered with Airtime for discounts and cashback.
The exact number of people who have fallen victim to these scams and the total financial losses incurred remain unknown, as does the origin and identity of the scammers behind these campaigns. The effectiveness of current countermeasures by companies and authorities in stopping these scams is also unclear, and it is not known whether there are coordinated efforts between different scam campaigns such as iCloud, PayPal, and EE. The long-term impact on consumer trust in digital platforms and services has yet to be determined.