The cloud payment alert scam that wants to steal your money

In recent weeks a global scam has emerged that exploits the most basic fear of anyone using copies in the cloud: losing photos, documents and backups. The attackers send emails that simulate being notices of payment or storage problems, with issues designed to cause haste - from "rejected payment" to warnings with your name and specific dates - and with senders that seem to be generated randomly as xavpy @ njyihuhzhyjumdjenwdsugjsku.us or hxsupportxf @ bjmbsjannjjvdfdlntduihco.com. The tactic is simple: to provoke panic and to have the victim press a link without thinking.

The curious and dangerous thing about this campaign is the infrastructure they use. All emails include a link that part of storage.googleapis.com, the public domain of Google Cloud Storage that allows hosting static files. From there, visitors are redirected to fraudulent pages hosted in random domains that mimic portals of cloud services, with logos and texts that speak of "full storage" and of the alleged imminent elimination of data.

On those pages a fake scan is run that always says your photos, mail and backups are complete and at risk. Below they offer a "loyalty offer" with discounts of up to 80% to update the plan, but by pressing the buttons the navigation ends on pages of affiliates with products that have nothing to do with your cloud service: VPNs of dubious reputation, unknown security programs and payment forms intended to generate commissions for the perpetrators of the fraud.

The goal is not to steal your files directly, but your money and payment data: payment pages collect cards and bank data and convert clicks into marketing commissions. Many people, scared by the possibility of losing digital memories or important documents, buy thinking that this is how they solve the problem, while they are actually funding the scammers and exposing their financial information.

There are two clear signals that should turn on an alarm: that the mail will ask you to press an external link without further checks, and that the process will take you to a site other than the official supplier. Legitimate cloud service providers usually treat suspensions very differently. For example, Google explains that if a Google Drive plan is cancelled, access to the additional space is lost until the payment is restored, but files are not deleted until after two years; that information is available on the official Google support: Google support. Microsoft OneDrive maintains a similar policy: access can be restricted and only in case of exceeding grace times can files be deleted, according to its official documentation: OneDrive support.

In addition to knowing the real policies, it should be remembered that serious companies do not ask to verify payments by web scanning hosted by third-party services or to redirect you to other software sales sites to solve a billing failure. If you doubt, enter the official website or the service app and check the billing section. instead of following the mail link.

If you have received one of these emails, the practical recommendation is clear: do not click on the links, do not download attachments and delete the message. If you have already entered payment data on a suspicious page, contact your bank or card issuer to block or monitor the card and consider filing a complaint. To better understand how to recognize phishing attempts and what steps to take in case of doubt, you can consult consumer protection resources and phishing guides, such as those of the Federal Trade Commission: FTC: how to detect and avoid phishing, and Google's security information: Google Security Center.

Massive campaigns like this benefit from automation: they generate banners with strange names, personalize issues with your name or mail address and vary the texts to draw filters. That is why it is common to receive several versions of the same deception. If you want to protect yourself in the long term, activate the verification in two steps in your main accounts, regularly review the payment methods associated with your subscriptions and keep track of the charges on your card.

Finally, if you detect these scams, report them. Informing the supplanted service provider and mail platforms helps stop the spread. Specialized publications and incident response teams often document campaigns to alert users and companies; you can consult means of reference in cybersecurity as well as BleepingComputer to follow similar cases and be up to date.

The key to not falling into these frauds is calm and direct verification: question the urgency of the alarmist messages, consult the official service on your own and protect the payment information. So you drastically reduce the probability of turning a scare into a real loss.