Today’s Menu (30-second skim)

  • Apple iCloud phishing: Fake “storage limit reached” emails trick users into revealing passwords — hundreds of thousands targeted
  • Signature Healthcare ransomware: Massachusetts hospital forced to divert ambulances and cancel cancer treatments for 48 hours
  • Amazon product recall scam: Fake safety recall emails harvest Amazon passwords from 310 million potential targets

1) Apple iCloud Phishing: “Your Photos Will Be Deleted” Emails Target Millions

What happened (plain English): Security researchers and consumer protection agencies are warning of a widespread phishing campaign impersonating Apple’s iCloud service. The scam emails use urgent language about storage limits and data deletion threats to trick users into clicking links that lead to fake login pages designed to steal Apple IDs and passwords. The emails look authentic because they mimic Apple’s official branding, use proper formatting, and contain language that feels natural to iCloud users who actually do receive legitimate “storage full” notifications from Apple. The attack has been active for weeks and is targeting a broad audience — anyone who uses iCloud for photo backup or file storage is a potential victim.

Why it matters to you: Your Apple ID is the master key to your entire digital life on Apple devices — it controls access to your email, photos, location data, payment methods, and all your devices. If a scammer gains access to your Apple ID through this phishing attack, they can lock you out of your own account, delete your data, change your recovery email, or use your payment method to make unauthorized purchases. Unlike financial accounts where you can dispute charges, a compromised Apple ID can take weeks to recover from. The fact that these emails coincide with legitimate Apple storage warnings makes them particularly effective — you may already be thinking about your storage issues when the fake email arrives.

How to protect yourself (do this):

  • Never click a link in an email about iCloud storage or account issues. Instead, go directly to iCloud.com or Settings → iCloud on your device and check your actual storage status there.
  • Be suspicious of any email that creates urgency (“delete your account,” “act now,” “your photos will be wiped”). Apple rarely sends emails about imminent data deletion.
  • Enable two-factor authentication on your Apple ID immediately if you haven’t already. Go to appleid.apple.com and turn on 2FA. This stops attackers even if they steal your password.
  • If you clicked a phishing link and entered your Apple ID password, change it right now from a different device and sign out of all other devices from your account settings.
  • Report the phishing email to Apple: forward it to reportphishing@apple.com. The more reports they receive, the faster they can shut down the fake domains.

Published: April 12, 2026

Source: The Guardian


2) Signature Healthcare Ransomware Attack: Hospital Diverts Ambulances, Cancels Cancer Treatments

What happened (plain English): Signature Healthcare Brockton Hospital in Massachusetts, a 216-bed facility serving over 70,000 patients annually, was hit by a ransomware attack that disrupted systems on April 6, 2026 and forced the hospital to operate under manual downtime procedures for approximately 48 hours. The hospital diverted ambulances to other facilities, cancelled chemotherapy infusion services for cancer patients, and implemented handwritten medical records. Patients experienced significant delays, and some scheduled surgeries were postponed. The hospital worked with outside cybersecurity experts and law enforcement to restore systems. No attack group has publicly claimed responsibility, and the hospital has not disclosed whether a ransom demand was made.

Why it matters to you: If you live in the Brockton, Massachusetts area or receive care from Signature Healthcare, this attack affected patient records, test results, and medical histories. More broadly, this attack is emblematic of a sustained trend: 2026 has already seen multiple major U.S. hospital ransomware incidents, and cybersecurity professionals report a “high level of malicious activity” targeting the healthcare sector specifically. Hospitals are attractive targets because they store highly valuable data (full medical histories, SSNs, insurance information) and because disruptions directly threaten patient safety — making hospitals more likely to pay ransoms quickly. The fact that this hospital had to cancel cancer treatment sessions shows that these aren’t just IT problems; they’re medical emergencies.

How to protect yourself (do this):

  • If you received treatment at Signature Healthcare Brockton Hospital or any of their affiliated locations, monitor your medical bills and insurance statements for charges you don’t recognize.
  • Request a copy of your medical records from the provider to verify that your information was not corrupted during the attack and that no unauthorized entries exist.
  • Consider placing a fraud alert with the credit bureaus (Equifax, Experian, TransUnion) — medical data breaches can lead to identity theft months or years after the incident.
  • If you have health insurance, contact your insurer and ask if any fraudulent claims have been filed under your name since the breach date.
  • Be wary of follow-up emails or calls claiming to be from the hospital — scammers often use real breaches as cover to solicit sensitive information from victims.

Published: April 8, 2026

Source: Recorded Future News


3) Amazon Product Recall Phishing: Fake Safety Alerts Harvest Passwords from 310 Million Users

What happened (plain English): A phishing campaign impersonating Amazon customer support is sending emails claiming that a product the recipient purchased has been recalled due to a safety defect. The email uses official-looking Amazon branding and reads: “Dear Customer, we are writing to inform you of a product recall affecting an item from your March 2026 order due to a design defect that may pose a potential safety risk.” The email contains a button or link that appears to lead to Amazon’s website, but actually redirects to a fake login page designed to steal the user’s Amazon username and password. The campaign is using the “product recall” hook because it’s vague enough that most Amazon customers feel it could apply to something they actually ordered, creating urgency without requiring the attacker to know specific details about the target’s purchase history.

Why it matters to you: Amazon stores your complete purchase history, payment methods, addresses, and linked bank account information. If a scammer gains access to your Amazon account, they can place orders using your saved payment methods, change your delivery address to intercept packages, or use your account to access other services you’ve linked (like AWS if you use cloud services for work). Amazon ATO (account takeover) scams have been steadily increasing — they’re more common during holiday seasons but operate year-round. The scammers are betting that nearly everyone with an Amazon account has placed multiple orders recently, so the vague “March 2026 order” reference will feel plausible to most recipients.

How to protect yourself (do this):

  • Never click a link in an email claiming to be from Amazon about a recall, refund, or account issue. Instead, go directly to Amazon.com (type it in your browser, don’t click a link) and check the Message Center in your account. Legitimate messages from Amazon appear there, not in your email.
  • Be suspicious of vague product recall emails that don’t name the specific product or explain the exact hazard. Real product recalls include specific details so you know what to look for.
  • Enable two-factor authentication on your Amazon account immediately. Go to your Account Settings, click “Login & Security,” and turn on Two-Step Verification.
  • If you clicked a phishing link and entered your Amazon password, change it right now. Also change that same password on any other accounts where you reused it.
  • Monitor your bank and credit card statements for unauthorized charges. Report any suspicious activity to your bank immediately.
  • Report the scam email to Amazon: use the “Report Junk” button in your inbox, or forward it to Amazon’s anti-fraud team at stop-spoofing@amazon.com.

Published: April 9, 2026

Source: Malwarebytes


👏 Grandma’s Firewall

This week’s rule: If an email tells you something urgent is happening with your account or an order — go directly to the company’s website yourself instead of clicking the email link. Don’t type anything the email told you to type. Start fresh every time.

Why it works: Phishing emails are designed to look real, but they can’t fake a genuine company website if you go to it independently. Scammers can’t force you to a fake site if you navigate there yourself. This one habit — “I’ll go to the real site from scratch” — stops 95% of account takeover scams.

Script 1 — What to say when you get an urgent account email:

“This email is asking me to act immediately, but I’m not clicking this link. I’m going to the official website myself and checking my account from there. If there’s a real problem, it will show up when I log in the proper way.”

Script 2 — What to tell a family member who already clicked a phishing link:

“Stop. Did you enter your password? If yes, go to that account right now and change the password from a different device. If no, just close the page and don’t worry about it.”

Forward this to one person who might click a phishing email. That’s this week’s mission.

— Philip | Human In[Security]
