How to spot scms like the "Mail - Quarantined" email scam

What is Mail - Quarantined email scam?

Scammers behind this phishing email attempt to trick recipients into opening a deceptive website and providing their email account login credentials.

Note that emails of this type can be used to deceive recipients into providing other sensitive details as well. For example, bank account numbers, social security numbers, credit card details, etc.

More about the Mail - Quarantined email scam

As mentioned, the main purpose of this phishing email is to deceive recipients into entering their email account credentials on a deceptive website. It claims that recipients supposedly have some pending emails that cannot be delivered, unless they "release" the messages by clicking the "Release and add to safelist" link beside the email address of each sender.

If clicked, all of these links open an identical website whereby recipients are asked to enter their email account login credentials. Stolen accounts could then be misused to send malspam emails, deceive other people into transferring money to cyber criminals, spread the same (or other) phishing email further.

Also, those accounts can be misused to steal identities and other sensitive information (e.g., credit card details, bank account numbers), and so on. Furthermore, stolen accounts and other information might be sold to other cyber criminals. Therefore, phishing emails or other emails of this kind should never be trusted.

Examples of similar scams

Some examples of other phishing emails are "E-Mail Clustered Email Scam", "Message Attachments Were Delayed Email Scam" and "Deactivating All Inactive Accounts Email Scam".

As well as using emails to trick recipients into providing sensitive information, they can also use them to trick people into installing malware (cryptocurrency miners, Trojans, ransomware-type programs, etc.) onto their computers.

How do spam campaigns infect computers?

When cyber criminals attempt to distribute malware via malspam campaigns, they send emails that contain malicious attachments or download links for malicious files. Typically, they disguise their emails as official and important. If recipients open the attached file (or a file downloaded via a website link), they cause installation of malicious software.

Cyber criminals commonly attach executable files (.exe), archive files such as RAR, ZIP, PDF documents, JavaScript files and Microsoft Office documents to their emails. Software 'cracking' tools supposedly activate licensed software illegally (bypass activation), however, they often install malicious programs and do not activate any legitimate installed software.

How to avoid installation of malware?

You are advised to download files and programs from official websites and via direct download links. Other tools and sources such as third party downloaders and installers, unofficial pages, and Peer-to-Peer networks (e.g., eMule, torrent clients) should not be used to download or install software.

Check all "Custom", "Advanced" and other similar settings (or available checkboxes) for offers to download and/or install unwanted apps. Do not click ads on dubious websites, since they can be designed to open bogus web pages or cause unwanted downloads and installations.

Remove any unwanted, suspicious extensions, plug-ins and add-ons installed on the browser, and software of this kind from the operating system.

If you have already opened malicious attachments, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

Text presented in the Mail - Quarantined phishing email:

End User Digest: 3 New Held Messages
For ********
 
Total 3 Held Messages (Summary Digest):
All email messages in your personal Quarantine.

Messages will be deleted at the latest after 5 days. To deliver an email to your inbox, click on Release.
The emails listed in this section have been placed in your personal Quarantine. Click Release to deliver the email to your inbox. To continue to receive future emails from the sender, click Allow Sender. To report messages that are not spam but are included in the Spam - Quarantined section, click Not Spam.
Mail - Quarantined  
Score    From    Subject    Date    Action
100    dave.maher@lmco.com    UCP - PO A4643    12/09/20 Release and add to safelist
100    safak@kadirdemirltd.com    Re: Please respond to me 12/09/20 Release and add to safelist
100    durgesh.upadhyaya@in.panasonic.com    Re:Fwd:2020/ESD - Stock Price request.    12/09/20 Release and add to safelist
 
For more information contact your Service Desk.

Powered by Proofpoint

Screenshot of a deceptive website that scammers use to trick recipients into providing their credentials:

Another example of mail - quarantined spam:

Text presented within:

Subject: - Undelivered Messages (Action Required)

 

Attention:  -

You have [9] quarantined messages in your - portal

as of Tuesday January 26, on 21/01/2021 6:04:50pm

You can review these here and choose what happens to them.

REVIEW

Yet another example of quarantined mail-themed spam:

Text presented within:

Subject: Your quarantined email report

Your quarantined email report

All incoming emails have been recently added to your quarantine area.

Use the manage quarantine button to access your quarantined email.

You currently have 4 quarantined incoming emails

Automatically deleted in 48 hours

Recipient Subject     

******** RE: RFQ View Allow
******** Gadoterc Acid / Vietnam View Allow

******** Imax_Iohexol project_ price offer View Allow

******** SG_Cyclolux registration & DA View Allow

Manage quarantined email

Yet another example of mail quarantined-themed spam email:

Text presented within:

Subject: A: Pending Emails On Host Server_Postmater_********

 

4 Emails Could not be Delivered To Your Mailbox, Action Required!!!

Hi ********,

There are new messages in your Email Quarantine, messages will be automatically removed from quarantine after 48 hours.

The following summary displays a maximum of the most recent quarantined block messages.

To see all quarantined messages view   Your Quarantined Emails and release to inbox.
 
Quarantined emails
Action:     Recipient:     Subject:     Date:
MOVE TO INBOX     ********     ********: Delivery Status Notification (Delay)     8/06/2021
MOVE TO INBOX     ********     Re: Re: Contract | NEW ORDER_RFQ-10689     8/06/2021
MOVE TO INBOX     ********     RE: Payment Transfer- Swift Copy INVOI NR:6429     7/06/2021
MOVE TO INBOX     ********     DHL Express Shipment 77561785**** Notification     6/06/2021
Restore all messages to inbox

Note: If this message lands in your spam folder, please move it to your inbox folder for proper interrogation.
Please do not reply as this message was generated by the system for notification purposes only.
Important: Do NOT forward this message as recipients of this message will be able to manage your quarantined messages and approved senders.
For more information about this digest contact your email administrator.

©2020 ********Administrator.

Another variant of mail quarantine-themed spam email promoting a phishing website:

Text presented within:

Subject: Important : New messages found in quarantine : 4of 4 -Your Action is Required

Blocked Incoming Messages

Several message(s) below have been blocked by your ******** administrator due to validation error.

You have new messages in your email quarantine inbox will be automatically removed from quarantine after 7 day(s).

To see all quarantined messages and release to inbox.
Quarantined Mail
Recipient     Subject     Date
Release ********     Re: Approval     06~07~2021
Release ********     EU Business Register 2021/2022     06~07~2021
Release ********     Electronic Fund Transfer Access Document     06~07~2021
Release ********     Fix problems with site title & tagline for ********     06~07~2021
open all messages

Note: this message was sent by the system for notification only, please do not reply.
if this message lands in your spam folder, please move it to your inbox folder for proper interrogation.

Screenshot of the promoted phishing website:

Yet another example of mail quarantine-themed spam email promoting a phishing site:

Text presented within:

Subject: Action Required: You have [9] quarantined messages

 

Webmail
horde roundcube
Attention: -

You have [9] quarantined messages in your quarantine portal

as of Tuesday, September 28, 2021 6:30 AM (UTC).

You can review these here and choose what happens to them.

REVIEW

Screenshot of the promoted phishing site:

Yet another example of email quarantine-themed spam promoting a phishing site:

Text presented within:

Subject: (3) INCOMING MESSAGES BLOCKED BY ADMIN

Blocked Incoming Messages

Dear -  ,

Incoming messages were blocked due to Email Account Verification Failure by you for the year 2021.
 
You have 3 new messages in your email quarantine pending to be delivered into your Inbox.

Date: 9/13/2021 6:06:19 a.m.

Click on Release, to free these messages to your inbox and to Verify your Mail Account :  Deliver Messages
 
Quarantined email
Subject:     Subject:     Date:
Release     Re:Enquiry/Consultation     RE: Send PI Asap for payment     9/10/2021 7:06:19 a.m.
Release     Re: Balance Payment     RE: T/T Payment Copy     9/11/2021 4:05:19 a.m.
Release     Re: Account Statement     RE: New Purchase order     9/13/2021 6:05:19 a.m.

Deliver all messages (3)

Screenshot of the promoted phishing site:

Another example of blocked mail-themed spam promoting a phishing site:

Text presented within:

Subject: Last warning! You have 6 Incoming Messages Blocked!

 

You have 6 Incoming Messages Blocked

The following messages have been blocked by your administrator due to validation error.

You have 6 new pending messages .
Time: 6/20/2022 8:20:52 a.m.

CLICK HERE TO VIEW YOUR INCOMING MESSAGES
Incoming  Messages:
Sender :     Subject:     Time:
pending Fwd: Transfer   ------  forwarded message ----       08:17 am
pending We didn't receive any reply from you CALL ME      10:21 am
pending Incoming Transfer from Sale @ .... [SWIFT] 11:19 am
pending Can we still meet Today  | SMILES | 01:29 pm
pending Re: ORDER CONFIRMATION SO: 0912433 02:27 pm
pending Dhl shipment arrival notification_729211.AD     03:08 pm
DELIVER ALL MESSAGES

Note: This message was sent by the system for notification only, Please do not reply.
If this message lands in your spam folder, please move it to your inbox folder for proper interrogation

Another example of quarantined mail-themed spam promoting a phishing site:

Text presented within:

Subject: Email Server Notification

Dear - :

You have 8 new Quarantined messages as of the 29th of August, 2022 1:00 AM (UTC) which are listed below along with the actions that can be taken:

Release to Inbox: Send the message to your Inbox.

Report as Not Junk: Send a copy of the message to Microsoft for analysis.

If you have received this email by mistake. Please notify us.

Screenshot of the promoted phishing site:

Another example of quarantined mail-themed spam promoting a phishing site:

Text presented within:

Subject: You Currently Have 7 Quarantined Incoming Emails

Total inbound quarantined emails for : 7 messages

The emails listed below are ones that have been placed in your quarantine digest since the last quarantine summary was sent.

Your quarantine is protected and authentication is required to manage your messages.

Messages older than 7 days will be removed

Email Quarantined Since Last Notification (2022-Sep-02 09:00:06): 1 message

From Subject Actions
tw@abosolute-marine.com Ex Factory Price Deiver  |    Allow List |    Delete  |   View

Previously Quarantined Email: 6 messages

From Subject Actions
moin.ansari@spgroup.com.pk
Re: COA
Deliver  |    Allow List |    Delete    |   View
m.grber@sanochemia.com
New Order
Deliver  |   Allow List  |   Delete     |   View
ali.eleyan@bernq.com Re: INVOICE & PACKING LIST
Deliver     |   Allow List  |   Delete     |   View
debora.irvin@protenelectric.com RE: Quotation // Freight offer
Deliver     |   Allow List  |   Delete     |   View
dop@airlbya.aero Revised Invoice
Deliver     |   Allow List  |   Delete     |   View
bshdaifat@joromco.com.jo Distributor Agreement Deliver     |   Allow List  |   Delete     |   View
  DELETE ALL DISPLAYED EMAILS

Click on the Deliver link to have that message delivered to your primary inbox.
Click on the Allow List  link to have that message delivered to your primary inbox and that sender added to the Allow List.
Click on the  Delete link to remove that message from your quarantine.
Click on the View link to display that message in a new Message Details browser window.
Manage your allowed / blocked list Set quarantine notification intervals

View your entire Quarantine Inbox or manage your preferences.

Screenshot of the promoted phishing site:

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

• What is Mail - Quarantined phishing email?
• Types of malicious emails.
• How to spot a malicious email?
• What to do if you fell for an email scam?

Types of malicious emails:

Phishing Emails

Most commonly, cybercriminals use deceptive emails to trick Internet users into giving away their sensitive private information, for example, login information for various online services, email accounts, or online banking information.

Such attacks are called phishing. In a phishing attack, cybercriminals usually send an email message with some popular service logo (for example, Microsoft, DHL, Amazon, Netflix), create urgency (wrong shipping address, expired password, etc.), and place a link which they hope their potential victims will click on.

After clicking the link presented in such email message, victims are redirected to a fake website that looks identical or extremely similar to the original one. Victims are then asked to enter their password, credit card details, or some other information that gets stolen by cybercriminals.

Emails with Malicious Attachments

Another popular attack vector is email spam with malicious attachments that infect users' computers with malware. Malicious attachments usually carry trojans that are capable of stealing passwords, banking information, and other sensitive information.

In such attacks, cybercriminals' main goal is to trick their potential victims into opening an infected email attachment. To achieve this goal, email messages usually talk about recently received invoices, faxes, or voice messages.

If a potential victim falls for the lure and opens the attachment, their computers get infected, and cybercriminals can collect a lot of sensitive information.

While it's a more complicated method to steal personal information (spam filters and antivirus programs usually detect such attempts), if successful, cybercriminals can get a much wider array of data and can collect information for a long period of time.

Sextortion Emails

This is a type of phishing. In this case, users receive an email claiming that a cybercriminal could access the webcam of the potential victim and has a video recording of one's masturbation.

To get rid of the video, victims are asked to pay a ransom (usually using Bitcoin or another cryptocurrency). Nevertheless, all of these claims are false - users who receive such emails should ignore and delete them.

How to spot a malicious email?

While cyber criminals try to make their lure emails look trustworthy, here are some things that you should look for when trying to spot a phishing email:

• Check the sender's ("from") email address: Hover your mouse over the "from" address and check if it's legitimate. For example, if you received an email from Microsoft, be sure to check if the email address is @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc.
• Check for generic greetings: If the greeting in the email is "Dear user", "Dear @youremail.com", "Dear valued customer", this should raise suspiciousness. Most commonly, companies call you by your name. Lack of this information could signal a phishing attempt.
• Check the links in the email: Hover your mouse over the link presented in the email, if the link that appears seems suspicious, don't click it. For example, if you received an email from Microsoft and the link in the email shows that it will go to firebasestorage.googleapis.com/v0... you shouldn't trust it. It's best not to click any links in the emails but to visit the company website that sent you the email in the first place.
• Don't blindly trust email attachments: Most commonly, legitimate companies will ask you to log in to their website and to view any documents there; if you received an email with an attachment, it's a good idea to scan it with an antivirus application. Infected email attachments are a common attack vector used by cybercriminals.

To minimise the risk of opening phishing and malicious emails we recommend using Combo Cleaner Antivirus for Windows. 

Example of a spam email:

What to do if you fell for an email scam?

• If you clicked on a link in a phishing email and entered your password - be sure to change your password as soon as possible. Usually, cybercriminals collect stolen credentials and then sell them to other groups that use them for malicious purposes. If you change your password in a timely manner, there's a chance that criminals won't have enough time to do any damage.
• If you entered your credit card information - contact your bank as soon as possible and explain the situation. There's a good chance that you will need to cancel your compromised credit card and get a new one.
• If you see any signs of identity theft - you should immediately contact the Federal Trade Commission. This institution will collect information about your situation and create a personal recovery plan.
• If you opened a malicious attachment - your computer is probably infected, you should scan it with a reputable antivirus application. For this purpose, we recommend using  Combo Cleaner Antivirus for Windows.
• Help other Internet users - report phishing emails to Anti-Phishing Working Group, FBI’s Internet Crime Complaint Center, National Fraud Information Center and U.S. Department of Justice.

Frequently Asked Questions (FAQ)

Why did I receive this email?

Usually, scammers obtain email addresses after data breaches and use them in their phishing (or other) campaigns. They send the same letter to all recipients (their emails are not personal).

I have provided my password when tricked by this email, what should I do?

Change all passwords as soon as possible, especially if scammers can access other accounts with the stolen password (if the same password is used for multiple accounts).

I have downloaded and opened a file attached to an email used to deliver malware, is my computer infected?

It depends on the file type. Executable files usually infect computers right after they are opened/executed. In other cases, malicious files do not infect computers until additional steps are performed (e.g., macros commands in opened MS Office documents are enabled).

I have read the email but didn't open the attachment, is my computer infected?

No, your computer is not infected since it is not harmful to open an email even if it is used to distribute malware.

Will Combo Cleaner remove malware infections that were present in email attachment?

Yes, Combo Cleaner can detect and eliminate almost all known malware. Run a full system scan if your computer is infected with high-end malware. Otherwise, antivirus software will not detect that malware since it can hide deep in the operating system.