We’ve been storing our important data online since the late 90s. Those of you who have been online long enough may recall those early days of saving files in webmail inboxes. Later, as internet speeds and web storage capacity grew, we were able to keep more and more of our digital possessions online.

More recently, the mainstreaming of cloud storage and advent of features like file syncing increasingly made the web our go-to option for keeping work and personal files safe from physical harm. After all, what’s not to love? It fits well with our always-connected, work-anywhere lifestyles; and has certainly made it much easier to share, connect and collaborate – especially during the pandemic.

Unfortunately, this surge in online storage adoption also means there’s now a treasure trove of our personal data online. Official documents and records; cherished personal memories; sensitive work files and more – all just floating in the cloud: a tempting target for cyber criminals.

Theft and exploitation of this data can cause significant financial loss and devastating personal impact. So it’s crucial that we be aware of the scams that are commonly used to try and steal it, so we can stop them dead in their tracks before they do any real harm.




This type of scam has been around for a long time. Updated frequently with new variations, they can still catch people out if they’re not careful.

How it usually goes:

  1. Scammers will send you an official-looking email or text message that claims to be from a reputable organization you have regular dealings with, such as your bank or cloud storage provider.
  2. The message will tell you there is an issue with your account you need to resolve, or a prize you can claim. It will ask you to click a link, then log in or submit personal details to confirm your identity.
  3. The link will take you to a fake site that’s designed to look exactly like an official one. Once you submit your details (such as your username/password) it will be captured and stolen.

How to side-step it:

– Always confirm the sender’s email address and the URL of the website that the link leads to. If any of it differs even slightly from the real, official one you know – stop immediately.

Enable 2-Factor Authentication (2FA) on your accounts. This is a standard feature with service providers that offer top-level security – such as banks and Treasure Cloud. With 2FA, your account can only be accessed when you key in two passwords:

  1. The password you memorize and use at every login.
  2. A second One-Time Password (OTP) sent via SMS to your mobile once you enter the first password. As its name indicates, this OTP is only useable once. A new one is generated every time you log in.

If you log in and the website does not send you an OTP, it’s an immediate warning sign that something is not right and you should change your password immediately.

Avoid using the same passwords for your various accounts. This limits the threat to your accounts even if one of them is compromised.


Tech Support Scam

In this insidious scam, scammers will try to make you panic over the status of your account or device in order to make you comply with their requests.

How it usually goes:

  1. Scammers will call you posing as tech support from a service provider you use – such as your phone company. They will say your account or device has been sending them error messages or been infected with malware.
  2. They will request remote access to your device so they can root out and resolve the problem. This will give them free rein to steal your data outright, or install spyware to do it over time.
  3. They may also take a more direct approach by asking for your personal and login details outright, ostensibly to verify your identity.

How to side-step it:

Keep calm and don’t be in a rush to comply with any caller’s request, particularly ones who are asking for your private information. Before you grant access or disclose anything, make sure the call is really from an official number. To be doubly safe, end the call and call the company’s official support hotline to continue with any troubleshooting that may be required.

Tip: Treasure, like many other cloud storage providers, would never call you if there are issues with your account but instead notify you by email. So if you do get a call, you should be immediately suspicious.


Impersonation Scam

By pretending to be a friend or loved one in distress, scammers will attempt to take advantage of your concern to cheat you of cash or steal your data.

How it usually goes:

  1. Scammers start by infiltrating the social account of someone you know. Two of the most common methods for doing this are:
    1. Hacking: Stealing login details and taking over their account outright
    2. Cloning: Making an exact copy of their account
  2. They will then use the compromised account to pose your friend or loved one to ask you for an urgent favor. Depending on their motives, they may attempt to:
    1. Cheat money by asking you to buy them an online gift card so they can make an emergency purchase
    2. Steal your data by asking you for private data (for example, they may pretend to be a co-worker who needs you to urgently send them a sensitive work file for a last-minute meeting)

How to side-step it:

  • Call to verify with your friend if you ever receive an unexpected request from them. Never accede to their request right away, no matter how urgent it may sound.
  • Never share any password or OTP to any account with anyone – even those closest to you – without being 100% sure of their identity.
  • Use secure sharing methods to share sensitive files. If you use Treasure, you can send a cloud access link to their verified email instead of sharing the file directly. On Treasure, this access link can also be set to expire at a time of your choosing, thus minimizing the chances of it falling into the wrong hands.


We’ve highlighted just a few of the most common data theft scams. There are many others out there, and sneaky new ideas are being hatched every day by scammers. So stay alert and remember that if anything seems even the slightest bit suspicious – it’s better to err on the side of caution.

Finally, if you encounter any new scams you’d like us to warn everyone about, do share them with us at hello@treasure.cloud