A phishing email impersonating iCloud is currently being intercepted by MailGuard’s cloud-based email filters. The scam attempts to deceive users into entering their credentials via a fake upgrade portal, putting both individual and corporate data at risk.
A Deceptively Simple Attack
This threat is delivered via a straightforward HTML email claiming the recipient’s iCloud mailbox has reached “97%” of its storage quota, a common pressure tactic to elicit urgency. The email uses branding consistent with iCloud and appears to come from the address `mail(at)samalun(dot)com` but falsely displays the sender’s name as “iCloud” followed by the recipient’s domain.
The subject line reads: “Your iCloud storage is full.”
The email encourages users to click on a provided link to “upgrade” their mailbox storage, claiming that without action, incoming mail may be lost. However, this link leads not to Apple or iCloud, but to a credential-harvesting phishing page designed to steal user login details.
Behind the Curtain: How the Scam Works
Once the user clicks the link, they’re directed to a phishing website hosted at a deceptive third-party domain. The scam displays a login prompt embedded within what appears to be a legitimate business website. This illusion is created by using the `thum.io` screenshot service to show a background image of the recipient’s actual domain (example shown with the MailGuard website), giving the impression of continuity and authenticity.
The URL of the phishing site includes the target’s email address as a parameter, reinforcing the illusion of legitimacy.
The site prompts the victim to enter their password. Once submitted, they are redirected to their real company website to reduce suspicion, but by then, their credentials have already been harvested.
Indicators of a Phishing Attempt
This scam is effective because it blends familiar branding, urgent language, and subtle technical deception. It targets users’ trust in known platforms like iCloud while leveraging clever visual tricks to disarm suspicion.
Look out for:
- Generic greetings and lack of personalisation
- Pressure to act quickly (e.g. storage limits, service disruption)
- Suspicious links that don’t match the brand’s official domain
- Unexpected login prompts that mimic trusted login pages
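The indicators above can also be checked mechanically at the mail gateway or during triage. The following Python sketch is an added example, not MailGuard's detection logic: it flags a brand display name sent from an unrelated domain, links that leave the brand's domains, and links that carry the recipient's address (plain or base64-encoded). The brand domain list, the indicator names and the sample message are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

# Assumption: domains accepted as genuine for the impersonated brand.
BRAND_DOMAINS = ("apple.com", "icloud.com")
BRAND_NAME = re.compile(r"icloud|apple", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample message (reserved example domains), not a captured email.
SAMPLE = (
    'From: "iCloud example.com" <mail@sender.example.org>\n'
    "Subject: Your iCloud storage is full.\n"
    "Content-Type: text/html\n\n"
    '<a href="https://portal.example.net/u?e=jane@example.com">Upgrade storage</a>\n'
)

def on_brand(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def carries_recipient(url, recipient):
    """True if the URL embeds the recipient address, plain or base64-encoded."""
    rcpt, text = recipient.lower(), unquote(url)
    if rcpt in text.lower():
        return True
    for token in re.findall(r"[A-Za-z0-9+/_-]{8,}={0,2}", text):
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        except ValueError:  # not valid base64, ignore this token
            continue
        if rcpt.encode() in raw.lower():
            return True
    return False

def triage(raw_email, recipient):  # returns the sorted indicator names found
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    hits = set()
    if BRAND_NAME.search(name) and not on_brand(addr.rpartition("@")[2]):
        hits.add("brand_display_name_from_unrelated_domain")
    texts = [p.get_payload(decode=True).decode("utf-8", "replace")
             for p in msg.walk() if p.get_content_maintype() == "text"]
    for url in URL_RE.findall("\n".join(texts)):
        if not on_brand(urlsplit(url).hostname):
            hits.add("off_brand_link")
            if carries_recipient(url, recipient):
                hits.add("recipient_address_in_link")
    return sorted(hits)
```

Calling `triage(SAMPLE, "jane@example.com")` returns all three indicator names; a message sent from and linking to the brand's own domains returns an empty list.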
Who Is Being Targeted?
This scam is not aimed at individual Apple users alone; it is designed to exploit users in business environments, particularly those using custom domains or Microsoft 365 services. The phishing site mimics corporate portals, making it likely to bypass user suspicion in a workplace setting.
MailGuard’s filtering engine is intercepting these threats before user engagement. However, organisations relying solely on built-in filters may not be protected, especially when attackers use new URLs or minimal HTML to bypass detection.
Stay Safe - Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
- Aren’t addressed to you personally.
- Are unexpected and urge immediate action.
- Contain poor grammar or miss crucial identifying details.
- Direct you to a suspicious URL that isn’t associated with the genuine company.
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One Email Is All That It Takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist, 'zero zero-day' email security. Special Ops for when speed matters! Our real-time 'zero zero-day' email threat detection amplifies our clients’ intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.