What happened
A large-scale cloud storage payment scam campaign has been sending repeated fraudulent renewal emails to users worldwide. The emails falsely warn that cloud subscriptions have expired or that payment methods failed, threatening loss of access to files, photos, and backups. Messages use varied subject lines and sender domains and contain links hosted on Google Cloud Storage that redirect victims to phishing pages impersonating cloud service portals. The pages display urgent warnings and prompt users to upgrade plans or submit payment details, using familiar branding to appear legitimate.
Who is affected
Recipients of the scam emails are affected, as clicking the embedded links can lead to phishing pages designed to steal credentials or payment information.
Why CISOs should care
High-volume phishing campaigns exploiting trusted infrastructure and cloud branding increase the likelihood of user interaction and financial or credential compromise.
3 practical actions
- Audit email filtering controls. Identify recurring scam templates and sender patterns.
- Educate users on fake renewals. Reinforce how legitimate cloud providers communicate billing issues.
- Enhance link inspection. Detect and block redirectors leading to phishing sites.
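
A starting point for the filtering audit and link inspection above, as an added example that is not part of the original brief: it flags a message only when renewal or payment-failure wording appears together with a link on a Google Cloud Storage hostname. The lure keyword list and the sample messages are constructed assumptions to tune against your own mail flow.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Google Cloud Storage hostnames that serve user-uploaded objects.
GCS_HOSTS = {"storage.googleapis.com", "storage.cloud.google.com"}
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumed lure wording, modelled on the campaign description (expired plan, failed payment).
LURE = re.compile(
    r"\b(subscription|storage|plan|payment)\W+(?:\w+\W+){0,4}?"
    r"(expired|failed|declined|suspended)\b", re.I)

def is_gcs(host):
    """True for path-style and bucket-subdomain GCS hosts, not look-alike suffixes."""
    host = (host or "").lower().rstrip(".")
    return host in GCS_HOSTS or host.endswith(".storage.googleapis.com")

def triage(raw_message):
    """Return GCS-hosted links from a message that also carries billing-lure wording."""
    msg = message_from_string(raw_message)
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if not p.is_multipart()]
    body = "\n".join(p.decode("utf-8", errors="replace") for p in parts)
    text = msg.get("Subject", "") + "\n" + body
    urls = [u.rstrip(".,)") for u in URL.findall(text)]
    # Match lure wording on the prose only, so words inside URLs do not count.
    if not LURE.search(URL.sub(" ", text)):
        return []
    # GCS hosts plenty of legitimate content, so both signals are required.
    return [u for u in urls if is_gcs(urlsplit(u).hostname)]

# Constructed sample messages (not taken from the campaign).
SAMPLES = {
    "lure_gcs": "From: billing@example.test\n"
                "Subject: Your cloud subscription has expired\n\n"
                "Payment method failed. Renew now: "
                "https://storage.googleapis.com/example-bucket/renew.html\n",
    "benign_gcs": "From: dev@example.test\nSubject: Build artifacts\n\n"
                  "Download: https://storage.googleapis.com/example-bucket/build.zip\n",
    "lure_other": "From: billing@example.test\nSubject: Payment failed\n\n"
                  "Update your card at https://billing.example.test/account\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

Messages this returns links for are candidates for quarantine or analyst review, and the collected links can feed the redirector blocklist.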
