It’s always been important to be vigilant when you use your Mac and watch out for possible scams. However, it seems that scammers are becoming ever more creative in the ways that they try to make you click a malicious link. One recent version of a phishing attack is the iCloud storage scam. In this article, we’ll explain what the iCloud storage scam is, how to avoid it, and what happens if you click a link in an email sent by a scammer.

What is the iCloud storage scam?

First spotted in late 2023, the iCloud storage scam is a phishing email which claims that your iCloud storage is nearly full and that by clicking a link in the email, you can get a great deal on a higher storage tier or even get more storage for free. The email doesn’t come from Apple and is designed to get you to click a malicious link.

What happens if I click the link?

The first thing that happens is that the link redirects multiple times. The final destination could be anything from an innocuous website to a page designed to look like an Apple ID login. That would then ask you to supply personal details, possibly including payment information, in order to steal money from you. It’s also possible the link could land on a web page that downloads malware to your Mac, such as adware, a browser hijacker, or a cryptocurrency miner. The scammers can change the destination at will just by modifying an entry in a database.

How to avoid the scam?

The golden rule is that you should never click a link in an email or message unless you are absolutely certain it’s safe and where it leads. Also, take some time to improve your privacy.

Tip: How to protect your privacy on your Mac

Malware is just one way that your privacy can be compromised when you use your Mac. Applications can, with your permission, access your camera and microphone and record your screen. They can also access folders. Websites store cookies and other files on your Mac to collect data. Your Recent Items list, browser history, and downloads all have information that could be used to invade your privacy. The easiest way to manage all those privacy options is to use CleanMyMac X’s Privacy module, which lets you manage app permissions, delete browser data, and remove the contents of your Recent Items. You can download CleanMyMac X for free here.

CleanMyMac X - Application permissions


How do I know if an iCloud email is a scam?

There are a few things you can do to check whether an email you have received is an icloud storage scam.

  1. Check the sender. In Apple Mail, hover over the sender with the mouse pointer and click the down arrow to reveal the sender’s email address. If the address doesn’t end in ‘apple.com’, it’s a scam. No one other than Apple would send you an email about your iCloud storage because no one other than Apple knows whether it’s nearly full.
  2. If you can’t do that, look at the wording of the email. Does it read like a professional email from a company like Apple? Usually, despite scammers’ best attempts and increasing skill, there are giveaways in the grammar or spelling or in the way the email is designed.
  3. How does the email address you? Does it use your name, or is it a generic ‘Dear Sir/Madam’ or something like that? Apple knows your name. If it was sending you an email, it would use it.
  4. Check your iCloud storage. Go to System Settings > your Apple ID > iCloud. Is the storage indicator at the top of the window nearly full? No? Then it’s definitely a scam. Yes? It’s still more than likely to be a scam. Apple doesn’t need to email you to upsell iCloud storage, it will just alert you in System Settings.
System Preferences - iCloud

How to report an iCloud storage scam

If you suspect that an email is a scam, you should report it immediately to Apple. Here’s how to do it:

  1. Select the message in Mail.
  2. Click the View menu, then Message > Raw Source.
  3. A window will open with the text of the raw source.
  4. Click the File menu and choose Save As; save it somewhere like your desktop or documents folder.
  5. Compose a new email explaining what has happened and attach the text file of the raw source.
  6. Address the email to [email protected] and send it.
  7. Mark the original email as spam.

How to remove malware on your Mac

If you are worried that you have already clicked a link in a scam email (perhaps because you’ve noticed unusual behavior on your Mac) and downloaded malware as a result, you should use specialist software to check. You can’t check for malware yourself because you don’t know what to look for. Specialist tools search your Mac for files and compare what they find with a database of known malware.

We recommend CleanMyMac X’s Malware Removal module. It allows you to choose between a deep scan, which will search every file and folder to hunt down malware, a quick scan that prioritizes speed over the depth of the scan, and balanced, which, as its name suggests, is a balance of the two. You can also choose whether to invoke a scan manually or have CleanMyMac X check for malware automatically in the background.

  1. Open CleanMyMac X and choose Malware Removal in the sidebar.
  2. Click Scan to begin a scan, or Configure to change the settings.
  3. If CleanMyMac X finds anything, click the Remove button to get rid of it easily.
adware found with malware removal module of CleanMyMacX

As you can see, iCloud storage scams are another form of phishing emails, similar to most other phishing scams. Despite what they promise, they can’t offer free iCloud storage or a discount on your subscription. Follow the steps above to avoid them and keep your Mac safe.