Technology
Cloud Storage Full scam steals your photos and money
NEWYou can now listen to Fox News articles!
A new scam is sweeping across smartphones and catching thousands of people off guard. Criminals are sending fake “Cloud Storage Full” or “photo deletion” alerts that claim your images and videos are about to disappear unless you upgrade your storage. The warning looks urgent and real. It even mimics major cloud services. But the moment you click the link, you enter a trap.
Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter
How this fast-growing Cloud Storage Full scam tricks victims
Trend Micro researchers recently uncovered this fast-growing phishing campaign after seeing a massive jump in activity. The company reports a 531% month-over-month spike from September to October, which shows how quickly the scheme is spreading.
PROTECT YOUR DATA BEFORE HOLIDAY SHOPPING SCAMS STRIKE
Scammers use convincing storage alerts and fake dashboards to push victims into paying small fees that expose their credit card details. (Pixelfit/Getty Images)
Scammers are sending personalized SMS and iMessage alerts that include your name and a believable count of photos or videos. Once you tap the link, you land on a very convincing fake website that appears to be a cloud storage dashboard. From there, you are urged to pay a tiny $1.99 upgrade fee to prevent deletion. Instead of protecting anything, you hand over your credit card, PayPal login or other personal information.
Trend Micro provided several screenshots and internal samples that reveal how polished the scam has become. The fake sites use progress bars, countdown timers and warnings that your files will be lost. They even simulate a cloud storage layout to match the look of popular platforms.
Jon Clay, VP of Threat Intelligence at Trend Micro, shared an important warning to CyberGuy:
“The recent spike in ‘Cloud Storage Full’ scams shows just how well cybercriminals are perfecting emotional manipulation. These scams prey on fear and urgency, warning users their photos will be deleted unless they pay a small upgrade fee. During a time of year when we may be capturing many precious moments on camera, scammers are targeting older adults who may think this type of scam message is legitimate and who may be worried and anxious about losing something that cannot easily replace. Consumers should always stay cautious of unsolicited messages and always verify alerts directly through official apps or websites.”
Trend Micro’s analysis outlines exactly how the scam works, from the initial message to the final theft. Their screenshots show fake dashboards, false warnings and pages asking for credit card or PayPal details. Some versions even redirect to legitimate sites later to cover their tracks.
How the Cloud Storage Full scam works
Scammers follow a predictable pattern with this scheme, and each stage reveals a clear red flag that can help you spot the danger early.
1) Initial contact
Victims receive an unsolicited SMS or iMessage that claims their photos or videos will be deleted soon. Messages include the person’s first name and fake counts like “1,675 images” or “2,010 snaps” to boost credibility. Scammers add statements like “Act now” or “Final warning” to trigger panic. Each message ends with a short link that leads to a malicious .info domain.
FAKE CHATGPT APPS ARE HIJACKING YOUR PHONE WITHOUT YOU KNOWING
2) Trust building
After tapping the link, the user arrives at a fake “Cloud Storage Full” website. It mirrors the fonts, icons and button styles of real cloud services. Users see alerts such as “Your photos, contacts and private data will be lost.” Everything looks polished to reduce suspicion.
3) The hook
The site claims your storage is completely full and urges a one-time upgrade for $1.99. A progress bar sits at 100 percent full and a countdown timer warns that data will vanish in minutes. The “Continue” button goes to a fake payment page.
4) The exit
Once victims enter credit card or PayPal details, scammers harvest the data instantly. Attackers may use stolen credentials for unauthorized purchases, credential stuffing or resale on dark web markets. Some victims receive fake receipt emails to make the charge look legitimate.
Trend Micro reports that certain scam sites later redirect to real pages like iolo.com to hide their tracks.
Scammers use fake dashboards and alerts to push victims to share payment info. (Kurt “CyberGuy” Knutsson)
Red flags to watch for
- Urgent warnings that your photos will be deleted
- Unfamiliar links ending in .info
- Messages that include your name to appear credible
- Payment requests for tiny fees like $1.99
- Countdown timers meant to force quick decisions
- Sites that look familiar but have unusual URLs
Tips to stay safe from Cloud Storage Full scams
Scammers rely on fear and urgency to push quick decisions, but a few smart habits can shut down their tricks before they start.
1) Verify alerts inside the official app or website
Open your cloud storage app or go to the official website directly. If you see a real problem, it will appear there. This simple step prevents you from reacting to fake warnings.
GHOST-TAPPING SCAM TARGETS TAP-TO-PAY USERS
2) Never tap storage alerts sent through SMS or iMessage, and use strong antivirus software
Break the habit of tapping links in messages. Real cloud services rarely text users about photo deletion. A strong antivirus tool will flag dangerous links before they open.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
3) Use a data removal service
Consider using a reputable data removal service to scrub your personal details from data broker sites. This step makes it harder for scammers to target you with personalized messages that look real.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
4) Watch for strange links
Look closely at every link. Scammers rely on short domains that look suspicious. Legitimate companies avoid shortened URLs and unknown domains.
5) Use multi-factor authentication
Turn on multi-factor authentication (MFA) for all cloud and payment accounts. It adds a powerful layer of protection if criminals steal your login.
6) Check your credit card for small test charges
Review your statements often. Attackers start with tiny charges to test a card before making bigger purchases.
GEEK SQUAD SCAM EMAIL: HOW TO SPOT AND STOP IT
7) Use a password manager
A good password manager helps you create strong, unique passwords. It limits the fallout if your login appears in a data breach.
Next, see if your email has been exposed in past breaches. Our #1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
These fake storage warnings mimic real cloud services and pressure users to upgrade for $1.99. Once you enter payment info, scammers steal it instantly. (uchar/Getty Images)
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
8) Report suspicious messages
Forward scam texts to 7726 (SPAM). This helps carriers block similar messages for everyone.
Kurt’s key takeaways
This scam spreads because it hits people where they are most vulnerable. Our phones store personal memories, family events and moments we never want to lose. Scammers know this and are now creating messages that look real enough to fool even the most cautious users. Emotional triggers like fear and urgency remain powerful tools for cybercriminals. Always question surprise warnings about data loss. When in doubt, check your account directly through the official app or website. A few seconds of verification can save you from credit card theft and identity headaches.
Have you ever received a message like this, and how did you handle it? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter
Copyright 2025 CyberGuy.com. All rights reserved.
Microsoft launched Teams’ Together Mode during the pandemic to give the illusion of a bunch of people sitting in a conference room together, even if they were really sitting at home without pants on. But times have changed, and it’s now being retired in favor of a more simplified Teams experience. The feature used AI to cut your head and shoulds out, and place you in a virtual space with others in the meeting. It could definitely feel gimmicky — especially when you’d tap co-workers on the shoulder, or give virtual high fives — but it did limit visual distractions.
The changes are being rolled out gradually, but as they are, the Together Mode toggle will disappear from the view menu. And Together-specific features, such as scenes and seat assignments, will go along with it. Part of the reasoning, according to Microsoft, is to reduce fragmentation across various platforms. But it also cites a streamlined interface with fewer options, less clicking, and less confusion. It also says this will allow the company to focus on improving video quality, stability, and performance.
NEWYou can now listen to Fox News articles!
An impostor phoned Alight Solutions, the recordkeeper for Colgate-Palmolive’s 401(k) plan, and identified herself as a Colgate employee. She asked to update the contact information on an account. Months later, the entire $751,430 balance had been sent in a single lump sum to a Las Vegas address and bank account. The real account holder, Paula Disberry, was living in South Africa.
Disberry sued Alight, Colgate’s benefits committee and BNY Mellon, the plan’s custodian, to recover the money. The case was later settled on undisclosed terms. The court never ruled on whether Alight had to restore the funds.
In February 2026, the Government Accountability Office told the U.S. Department of Labor to issue new guidance on retirement plan participant data. The GAO cited eleven separate lawsuits filed between 2009 and 2024 under the Employee Retirement Income Security Act, the federal law governing private retirement plans.
When account takeover hits a 401(k), the consumer protections that govern credit card fraud do not apply.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
REMOVE YOUR DATA TO PROTECT YOUR RETIREMENT FROM SCAMMERS
A stolen 401(k) shows how one phone call, exposed personal details and weak account-change safeguards can drain retirement savings. (Kurt “CyberGuy” Knutsson)
How the 401(k) account was drained
The Disberry case began when an impostor called Alight’s Benefits Information Center. She gave Disberry’s name, the last four digits of her Social Security number, her date of birth and the mailing address Alight had on file. That was enough to clear the call center’s security check.
She then asked Alight to update the contact information on Disberry’s account. Alight did not send an alert to Disberry’s existing email address or phone number, both of which it had on file. Instead, the company issued a temporary password through the mail.
Disberry’s plan had a 14-day waiting period between an address change and any distribution. Her lawsuit alleged that Alight skipped it. Within weeks, the impostor logged in, requested a full payout, and BNY Mellon mailed a check to a Las Vegas address.
Why the 401(k) account takeover isn’t an isolated case
Heide Bartnett, a former Abbott Laboratories employee, sued Alight over a $245,000 401(k) distribution. She alleged that a hacker used the plan portal’s “forgot password” feature to reset her credentials and trigger the payout. Other retirement plan recordkeepers have faced similar cybertheft lawsuits.
The problem extends beyond 401(k) accounts. The FBI’s April 2026 Internet Crime Report found that Americans 60 and older lost $7.7 billion to internet crime in 2025, a 59% jump from the year before. Investment fraud accounted for $3.5 billion of those losses, making retirement-age savers a major target for online criminals.
INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU
Retirement account takeovers can start with leaked names, birth dates, partial Social Security numbers and reused passwords from past data breaches. (Kurt “CyberGuy” Knutsson)
How thieves take over retirement accounts
Account takeovers begin with information someone already has. Names, dates of birth, partial SSNs and email addresses appear in dark web breach dumps, often combined with leaked passwords from unrelated services. When the account holder reuses a password across accounts, hackers can test that breach data directly against the recordkeeper’s login portal.
Disberry’s takeover bypassed the login portal entirely. The impostor never logged in to Disberry’s account directly. She called Alight’s call center, used what she already knew about Disberry to clear identity verification and had the contact information changed. After that, the temporary password Alight mailed went somewhere only the impostor could intercept.
Some thieves skip the recordkeeper and go straight for the account holder. The New York Times documented the case of Barry Heitin, a 76-year-old retired lawyer, who lost $740,000 in 2024 after receiving a call from someone claiming to be a federal fraud investigator. The caller convinced Heitin that his retirement accounts were under attack and walked him through transferring the money out himself. He believed he was helping a federal investigation.
How to protect your 401(k) and retirement savings
Federal protections for retirement account theft are limited, but several account-level controls cost nothing and may make takeovers harder.
- Turn on multi-factor authentication on the recordkeeper portal. A stolen password is far less useful when a one-time code is required.
- Enable every account-change alert. Email and text alerts for password resets, contact information updates, address changes and bank account changes are the earliest signals that someone else has access to your account.
- Ask your plan administrator about distribution holds. Some plans impose a waiting period between an address change and any distribution. Get the policy in writing and confirm what triggers the hold.
- Review statements quarterly. A new bank account or a change in contact information shows up faster on a quarterly review than on an annual one.
- Get an IRS Identity Protection PIN. The six-digit PIN, available at irs.gov/ippin, blocks fraudulent tax returns filed using your SSN.
- Freeze your credit at all three bureaus. A freeze blocks new accounts from being opened in your name. Equifax, Experian and TransUnion have offered free freezes since September 2018.
HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET
Multi-factor authentication, account-change alerts, credit freezes and regular statement reviews can help protect your 401(k) before thieves strike. (Kurt “CyberGuy” Knutsson)
Where identity theft monitoring can help
Account-change alerts on the recordkeeper portal only work if the recordkeeper sends them. The Disberry case showed what can happen when those alerts go unsent.
A strong identity theft monitoring service can add another layer of protection by watching for suspicious activity beyond the retirement plan portal. Some services let you link bank, credit card and investment accounts so you can receive alerts when unfamiliar transactions appear. In a retirement account takeover, that could help flag suspicious money movement even if the recordkeeper misses the outgoing transfer.
Many identity theft monitoring services also watch for changes across your credit reports, scan the dark web for exposed personal information and search data broker or people-search sites for your details. Some plans also include fraud resolution support and identity theft insurance for eligible recovery costs.
How to check if your personal information was exposed
If you are unsure whether criminals have already exposed your information, take action now. Start with a free identity breach scan to see whether your data appears in known leaks. Early detection gives you more control and helps you respond before fraud spreads. You can also check whether your personal information is already being used for identity theft, fraud or appearing on the dark web.
See my tips and best picks on Best Identity Theft Protection at CyberGuy.com
Kurt’s key takeaways
Retirement accounts can feel separate from the everyday fraud risks we hear about with credit cards, email accounts and bank logins. But this case shows how quickly a 401(k) can become a target when someone has enough personal information to fool a call center or reset account access. The scary part is that a stolen retirement account may not come with the same consumer protections people expect from credit card fraud. That makes prevention and early warning signs even more important. Turn on multi-factor authentication, enable every account alert your plan offers and ask your employer or plan administrator what happens after an address, phone number or bank account change. No one should have to find out months later that their life savings disappeared. The earlier you spot suspicious activity, the better your chances of stopping the damage before it becomes a financial nightmare.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Should retirement plans be required to send stronger alerts before any major account change or distribution, especially when someone’s life savings are on the line? Let us know by writing to us at CyberGuy.comCyberguy.com
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Apple is hoping that its record on privacy can be the differentiator on the AI front, and maybe even buy it a little slack as it continues to lag behind the competition. According to Bloomberg’s Mark Gurman, the more chatbot-like Siri set to debut in iOS 27 will include the option to autodelete chat histories. Users will be able to save conversations for 30 days, one year, or forever. That’s in stark contrast to the other major players in the space that generally only offer temporary incognito chats, if that.
It appears Apple is betting that people are willing to give up some convenience in the name of greater privacy, as anxiety around AI continues to increase. While the company is replacing many of its under-the-hood components with Google’s Gemini tech, it seems to be trying to turn some of Apple Intelligence’s perceived weaknesses into a selling point. As Gurman notes:
Most leading AI chatbots today rely heavily on histories and memory systems to personalize responses and improve future interactions. But Apple will place tighter limits around how memory works, including restrictions on what information can persist and how long i can be retained.
-
Florida1 minute agoSouth Florida’s top deals: 5-acre dev site near the Everglades trades hands
-
Georgia7 minutes agoGeorgia softball dominates Clemson, advances to super regional
-
Hawaii13 minutes agoHomelessness drops 91% in Waikiki core | Honolulu Star-Advertiser
-
Idaho19 minutes agoVideo: Two Fighter Jets Collide During Idaho Air Show
-
Illinois25 minutes agoPritzker family tree: Illinois’ richest dynasty
-
Indiana31 minutes agoFrom Bright to Bestseller Dreams: Local Author Writes Thriller Series Around Moores Hill
-
Iowa37 minutes agoStorms cause significant damage to Kingsley in Northwest Iowa
-
Kansas43 minutes agoKansas Hispanic Education & Development Foundation offers more than scholarships
