Remove “Cloud – Your Payment Method Has Expired” email

The “Cloud – Your Payment Method Has Expired” email is part of a phishing campaign that targets users’ financial data, specifically their credit card information. The email claims that the recipient’s payment method has expired and needs to be updated in order to reenable cloud services. According to the email, the recipient’s account has been blocked, and all data stored in the cloud may be deleted on the specified day. If users engage with the email, they would likely be asked to type in their payment card information. At the moment, the link in the email leads to a site that does not load, but it may become available at any time.

 

 

The email is a fairly typical phishing attempt. It’s designed to resemble a notification from a cloud storage service, supposedly informing users that their payment method has expired. This has supposedly triggered the cloud account to be disabled. According to the email, if users do not update their payment information, the data stored in the cloud will supposedly be deleted permanently. The email has an “Update my payment details” button that should, presumably, lead to a site that asks for users’ payment card information.

The site the email links to does not appear to work at the moment, but different links may be included in future emails. This particular email is a rather obvious phishing attempt, but more sophisticated ones are also common. Login credentials for email accounts and financial information are particularly sought after by cybercriminals, so users need to be very careful.

The full “Cloud – Your Payment Method Has Expired” email is below:

Subject: Cloud Storage Alert: Upgrade Before Your Files Are Deleted

Cloud

Your payment method has expired!

Please update your payment details.

If you’ve run out of Cloud space, consider upgrading your storage plan.

Your Cloud Service Has Been Disabled

We were unable to renew your Cloud storage.
Without storage, you risk losing all files and data stored in the Cloud Service.

Order Details:

Subscription Plan: 250GB
Product: Cloud Storage
Expiration Date: June 19

Without sufficient Cloud space, you may not be able to store all your data and files.

Final Notice: Your data is at risk of deletion.

Your account has been blocked. All your photos and videos may be permanently removed today.

UPDATE MY PAYMENT DETAILS

If you have received this email and the link worked when you clicked on it, you need to immediately contact your bank to cancel your card if you entered the requested information on the site. If you do not do this, the malicious actors operating this phishing campaign may be able to make unauthorized purchases.

What are the signs of a phishing email?

Generic emails from phishing campaigns that target many users are relatively easy to identify in many cases. Because malicious actors target many users with the same email, the emails are very generic and impersonal. More sophisticated phishing attempts are usually reserved for specific, high-profile targets.

How an email addresses you can tell you a lot about its legitimacy. You may have noticed this, but whenever a company whose services you use sends you an email, you are addressed by name (or rather, the name you provided when making an account). This is done to make the email more personalized. Emails that do not address you in any way (as is the case with this “Cloud – Your Payment Method Has Expired” email) or ones that use generic words like “Customer”, “Member”, “User”, etc., should be looked at with suspicion.

When you receive unsolicited emails, start by checking the sender’s email address. Sometimes the address may seem random and unprofessional, which immediately raises suspicion. In other cases, it might appear credible, so it’s a good idea to research it before engaging. A quick Google search can help you verify whether the email address belongs to whomever the sender claims to be. Be cautious, as scammers can easily make their addresses mimic those of real companies by tweaking letters or adding extra characters.

Another indicator of a phishing email is the presence of grammar and spelling mistakes, especially in emails that claim to be from reputable sources. Many low-effort phishing attempts are riddled with mistakes. If an email looks grammatically correct but the wording seems off or it fails to address you by name, be skeptical. Legitimate emails from trustworthy companies will never have mistakes.

Finally, it’s recommended to refrain from clicking on links in unsolicited emails altogether. If you receive an email about an issue with your account, it’s safer to log in directly to your account to investigate rather than clicking any links provided. Additionally, always run attachments from unsolicited emails through an anti-malware program or use services like VirusTotal before opening them.