Dave, I got an email saying that my photos and videos are going to be deleted because I’ve run out of space on my cloud storage. I don’t recall having cloud storage, but I guess I do. Should I click on the link to upgrade my cloud storage, or is it a scam of some sort? Thanks!
The best tool you have to protect yourself in the wild world of the Internet is logic. The more you can slow down and consider if the message you just got – whether via text, a physical letter, voicemail, or an email – makes sense and can be verified. Indeed, the more that the message tries to instill a sense of urgency, the more likely that it is a scam of some sort.
In this instance would a company like Apple or Google delete your photos if you run out of space, or would they simply prevent you from uploading new content but keep all of that around so long as you keep paying for the service?
Shortcuts: Legit Email | Risky Destination | Increase Cloud Storage
Don’t pay for it? Then you probably don’t have it. Except… with cloud storage, it actually is something that the big companies offer for free (with the hope that you pay for more space as it fills up). This means that you need to be more vigilant, so let’s have a closer look at one of these typical email messages…
IS THIS EMAIL LEGIT?
Here’s a comparable message I have in my inbox:
Notice that the subject isn’t just text, it includes a few emoji to make things even more urgent: “⚠️ Final Notice: Your photos and videos will be deleted – take action ⚠️”. The message itself is reasonable at first glance, with the use of the word Drive suggesting that it might be Google Drive in question.
Look at the headline: “Your Cloud Storage may be Full”. So… it’s full, or it’s not? Since it’s offering a free upgrade, that seems worth pursuing. But it’s not free, as we’ll see in a few clicks. Still, “Keep Using Cloud Storage” seems reasonable.
Before going any further, however, always check the sender and recipient information on the email message. In Gmail, you can click on the tiny downward triangle in the sender area to get more information about the “envelope” of the email:
This is sufficient to know that you can delete this message. In no universe will Google, Apple, Dropbox, Microsoft, or any other company be sending messages from giize.com or zdfdeutsch.baby. Further, notice that it’s not actually addressed to me, but rather to what looks like an email address composed by my cat running across the keyboard. Bogus.
Not convinced? Most email programs will give you a preview of a link before you click on it, including the link associated with buttons and other graphical elements:
This one points to storage.googleapis.com, which isn’t unreasonable if it were Google, so.. hmmm…
DESTINATION SITE IS RISKY
A click on the button and Microsoft Edge’s built-in malware protection system suddenly kicks in:
In addition to the warning itself, notice that again we are heading to a site that is most assuredly not Google: difmoxil.info
So you don’t have to, I’ll click on “Proceed Anyway” to see what transpires.
Another error. But this time for a different site: hlpiip8trk.com. here’s what’s happening: This spam is bouncing me from site to site to cover its digital tracks. Sometimes malware can be hidden on one of the bounces, but often it’s just a way to create an untraceable path.
INCREASE YOUR CLOUD STORAGE NOW
A “Refresh” and it actually works, with yet a few more bounces, ultimately taking me to a page on cloudninestorage.com with the following pop-up:
We’re back to the ambiguity observed earlier. I’ll click on “Continue” and it’s a well-designed page that animates the “analysis” of the “data” in cloud storage:
Not only are they trying to upsell cloud storage, but also offer Antivirus and VPN. I hope it goes without saying that trusting antivirus software from a spammer is an incredibly bad idea, one that is far more likely to have your computer compromised, attacked by ransomware, or worse.
Again, however, I’ll keep going so you can see where this ends up:
What a surprise! It’s a safe bet that 100% of people who end up on this page “qualify” for the upgrade. You can see the theme here, right? Keep moving, there’s a deal, you don’t want to lose your data, click, click, click!
Finally, finally, here’s where another bounce takes me:
Turns out that Total Drive is an entirely legit cloud storage company after all. The company clearly pays affiliate commission and the spammer is signed up as an affiliate. If you did subscribe, you would get a legit service, but you don’t need it. You are not running out of cloud storage.
As with so many urgent deals in the modern era, this is all a scammy way to try and have you react based on fear – don’t lose your photos and videos! – rather than ask even the most basic questions about the legitimacy of the message and promotion. Now, put on your detective hat and figure out what’s going on before you click.
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!