Fake "your iCloud is full, renew now" emails are one of the most common phishing patterns of 2025, per the Federal Trade Commission. They look almost identical to real billing notices. Once you know the five red flags, the fakes become obvious, and the real ones become useful again.
Done in seconds. No sign-up required.
Real cloud renewal emails do not include payment forms inside the message and do not threaten file deletion within 24 hours. Apple, Google, and Microsoft all send billing notices that link to their own settings page and let you handle the subscription there. Anything asking you to enter a card number or password directly in the email, or promising imminent deletion if you do not act now, is a phishing attempt.
The defense is not just spotting the fakes. It is knowing your real renewal date in advance, so the scare tactics have no leverage. If you already have a reminder for the actual date, every "your account expires today" email becomes obviously fake.
Any one of these is enough. Most scams hit three or more.
Hover over the sender name (or tap on mobile) to see the actual email address. Real Apple emails come from apple.com or email.apple.com. Real Google emails come from google.com or accounts.google.com. Anything else, even something close like apple-billing.com or google-renew.net, is a fake.
Apple, Google, Microsoft, and Dropbox never put a card-entry form or login form inside a billing email. They link to their own settings page where you authenticate normally. A "click here to confirm payment" form embedded in the email body is always a scam.
"Your files will be permanently deleted in 24 hours unless you renew now." Real providers give weeks of notice. iCloud's grace period is 30 days, Dropbox is 30 days, OneDrive is 30 days plus a 90-day lock period. Same-day urgency is the scammer's most reliable tell.
"Dear user," "Dear Customer," "Hello account holder." Real billing emails address you by the name on the account. Generic greetings mean the email was blasted to thousands of addresses with no idea who you actually are.
No legitimate provider ever asks you to "verify your password" or "confirm your card details" by replying to an email or clicking a link. If a renewal email is asking for credentials, it is collecting them for fraud, not for billing.
Hover over any "renew now" or "manage subscription" button. Real provider links point to their own domain (apple.com, google.com, microsoft.com, dropbox.com). bit.ly, tinyurl, or anything pointing to an unfamiliar domain is the giveaway.
Apple sends billing notices from no_reply@email.apple.com. The subject is usually something like "Your subscription renewed" or "Receipt from Apple." There is no payment form. The email tells you to open Settings on iPhone, or appleid.apple.com in a browser, to make any changes.
Google One billing comes from googleone-noreply@google.com or no-reply@accounts.google.com. Subject lines mention the membership renewing soon or a successful renewal. Microsoft 365 billing comes from microsoft-noreply@microsoft.com with subject lines about subscription renewal. Dropbox sends from no-reply@dropbox.com.
All of them link to their own provider settings page. None of them ask you to enter a password or payment information directly in the email itself. When in doubt, ignore the email entirely and log in to the provider's site through your browser, not through any link in the message.
Phishing scams work because they create a moment of doubt. "Maybe my iCloud really is full. Maybe my account really will be deleted today." That doubt is what gets people to click. The doubt only exists because the actual renewal date is fuzzy in your head.
Set a reminder for your real renewal date and the doubt vanishes. You know iCloud renews on June 15. You know your reminder fires on May 16. Any email arriving in March, April, or early May claiming your account will be deleted today is immediately recognizable as a scam, no investigation needed.
The reminder becomes the source of truth and every other "renewal notice" becomes background noise to ignore. For the full reminder setup, see the cloud storage reminder pillar. If you are also worried about losing data when you cancel, see what happens to your files after cancellation.
Real Apple billing emails come from no_reply@email.apple.com or no_reply@apple.com and never include a payment link or login link in the message. They tell you to manage the subscription in Settings or at appleid.apple.com. Anything that asks you to "click here to renew" or includes a payment form inside the email is a phishing scam, not a real renewal notice.
The Federal Trade Commission flagged fake cloud storage warnings as one of the most common phishing patterns of 2025. Scammers know almost everyone uses iCloud, Google One, or OneDrive, so they blast generic "your storage is full, click here to renew" emails to millions of addresses, knowing a small percentage will click. The real renewal notices look similar enough that people now ignore both.
Real Google One billing comes from googleone-noreply@google.com or no-reply@accounts.google.com. The subject is usually "Your Google One membership renews soon" or "Your subscription renewed." The email tells you to manage the plan at one.google.com. There is no payment form inside the email and no urgent deletion threat. Compare any suspicious message against a recent legitimate one from the same sender.
Five red flags: the sender domain is not the official provider domain, the email contains a payment form or login link directly in the message, the language is urgent ("expires in 24 hours, files will be deleted"), the greeting is generic ("Dear user," "Dear Customer"), or the email asks you to confirm your password or card number. Any one of these is enough to call it a scam.
They send notifications when storage is at the limit, but those messages link only to settings pages within their own apps. They never include a "renew now" payment form in the email itself, never ask for your password, and never threaten file deletion within hours. Real warnings give weeks of notice and link to the provider settings page.
If you know your real renewal date, every other "renewal" email becomes obviously suspicious. You can ignore the panicked "files will be deleted" messages because you already know the actual date and you are already planning for it. The reminder you set yourself becomes the source of truth, and the scams lose all their leverage.
Set a free reminder for your real renewal date. Every fake 'your account will be deleted' email becomes obviously bogus once you already know when the real one is coming.
Set My Real Renewal ReminderLast modified: