Building on the Guardian Scam watch roundup, this item focuses on phishing emails that use “storage nearly full” style prompts to drive clicks. The lures are designed to capture credentials and can lead to further financial harm.

This hype-focused safety brief spotlights a recurring phishing pattern highlighted in the Guardian’s Scam watch series: messages that claim your cloud storage is nearly full (or that your account needs verification) to prompt immediate action. The scam logic relies on timing—victims are more likely to click when the message implies an urgent consequence such as blocked uploads, account limitations, or a looming deadline. The emails often mimic legitimate notifications with familiar branding and streamlined wording, which can make the threat harder to spot quickly. Once a recipient interacts with the message, the attacker’s objective is typically credential capture or redirection to a counterfeit login portal designed to harvest banking- or identity-related information. For U.S. audiences, the danger isn’t limited to losing an email account; stolen credentials can be reused for password resets, account recovery flows, and access to connected financial services. The most useful practical angle is prevention behavior: avoid clicking links in unsolicited “alert” emails; instead, check storage status by opening the official service directly (via app or previously saved bookmark). Enable multi-factor authentication on email and financial accounts, and treat unusual verification prompts as a red flag, even if the wording feels routine. As the Guardian roundup implies, these campaigns work because the “topic” (storage) is ordinary—so the psychology is familiar and the harm can scale quickly.