Cloud Storage Quota Warning Used to Hijack User Sessions

Between 12–13 April 2026, a phishing campaign used storage-quota-themed emails directing victims to https://storage-quota-check.com/validate, a site that proxied legitimate authentication to capture credentials and session cookies; investigators observed mailbox access, internal file downloads, and suspicious logins from 185.172.128.92, indicating cloud account compromise and session hijacking.