Over the past week, I’ve gotten several emails warning me that my immediate attention is needed because my cloud storage will soon be deleted. These messages are bogus, but they weren’t caught by the spam filter—you might receive them too.

The Phony Emails

Below is an example of the emails I’ve received. The sender is listed as Cloud/Storage, Security/Support, or similar. And the subject line is always something dramatic, like Your Membership Will Be Cancelled Tomorrow with a “warning” emoji.

The emails don’t name a specific service; the first line says “Your Cloud data is at immediate risk of deletion”, while the following paragraph names the service as “Cloud+”. However, later bullet points name three Apple devices (iPhone, iPad, and Mac) and the message also mentions “seamless access to your files across all Apple devices”.

This campaign is thus attempting to impersonate Apple’s iCloud service, but it doesn’t do a very good job of it. The logo doesn’t look the same, and the “Cloud+” name is only used once (compared to Apple’s iCloud+ branding for its paid plans). Other fake Apple phishing emails look much more convincing, since they mimic official company emails.

As with most phishing emails, the goal is for you to click the Update Payment & Secure My Data button, which will take you to a fake login page. Entering your username and password here will hand your credentials over to a thief, who can use them to get into your actual account.

Signs That This Is a Fake Email

Whenever I cover a phishing email like this, it’s useful to analyze the telltale signs. Every time you get a phony email, it’s an opportunity to sharpen your skills to avoid falling for the next email phishing attempt, which might be harder to detect.

This has several classic warning signs of a fake alert. The sender’s email address is from a strange, unrecognizable domain, and the message was also sent to another address with a very long, weird domain. There’s an IP address (or random number in some of them) at the top of the email, which isn’t something a legitimate company would do.

In the body of the email, there’s a writing error: “May” is capitalized when it shouldn’t be. There are two separate “unsubscribe” links in the footer, while normal emails usually have one.

Another common sign of a fake email is the lack of personalization, which you can see here from the generic “Dear user” greeting and failure to mention the payment method on file. Most real emails about rejected payments will list your card’s provider and the last four digits, or the alternative payment method like PayPal.

And you might have noticed the company name at the bottom: “Design Studio Fabrics” in Danville, VA. It obviously doesn’t make sense for a fabric company to offer cloud storage. Searching for this name online brings up results for a legitimate company called Barbee Fabrics Of Danville, Inc.

Unfortunately, that company has received negative Google reviews from people who got this same email, even though it has nothing to do with these phishing messages. Meanwhile, the listed address is for a different business in the area—a restaurant that’s permanently closed.

Several of the emails I received had a different company name and address given, none of which properly matched up to real companies. Some of the addresses were for residences, not businesses.

Phishing emails always prompt you into “urgent” action so you act quickly without thinking; all the emails I’ve received like this list the current date as when your data will be deleted. Additionally, the fact that I’ve received so many near-identical emails with different “deadlines” and company names on them is, in itself, a sign of something being wrong.

Legitimate companies don’t send emails like this. The best cloud storage services won’t threaten to delete all your data on the same day if you don’t free up some space; they’ll give a grace period. And of course, real companies won’t have wildly incorrect contact information at the bottom of their message.

Report and Delete Phishing Emails

Whenever you get a phishing email in Gmail, you should click the three-dot button at the top right of it and choose Report phishing. As more people report it, Google should become aware and take action against the sender.

Of course, you shouldn’t interact with anything in this email; you should report it (which will mark it as Spam in Gmail) and move on. These emails demonstrate another great baseline rule of online security: if you didn’t ask for it, assume it’s fake. Even if you use iCloud, which these emails are poorly impersonating, you should know what a real email from Apple looks like.

This is a particularly annoying phishing campaign, since it didn’t just stop at one message. Gmail’s spam and phishing protection is usually strong, so I’ve been surprised to see these messages in my inbox—and with no warnings attached to them. You may need to take stronger steps to block phishing emails if you continually receive them.

Thankfully, this one wasn’t too hard to spot, but you should still be aware of ongoing scam campaigns. Let others know that this is going around, as you might save someone from a huge headache by doing so.