High riskEmail Scams

Quarantined Email Scam

This scam emails a warning that several messages are 'held in quarantine' or 'pending delivery' and asks you to log in to 'release' them, leading to a fake page that steals your email password.

Quick verdict

Risk level
High risk
Scam type
Credential-harvesting phishing
Main red flag
An email says messages are held in quarantine and links you to log in to release them.
What to do first
Do not use the link. Check held mail only in your real email or admin settings.

What this scam usually looks like

This scam emails a warning that several messages are 'held in quarantine' or 'pending delivery' and asks you to log in to 'release' them, leading to a fake page that steals your email password.

Example message pattern

Example pattern — not a real report
Example pattern: '3 incoming messages were quarantined by our security filter. Review and release them within 24 hours or they will be deleted: [suspicious link]'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • A claim that messages are held and must be 'released'
  • A link to log in to a 'security' or 'quarantine' portal
  • A login page whose address is not your email provider
  • A deadline threatening to delete the messages
  • Branding that nearly matches your provider but is off

What to do

  • Check any quarantine through your real email settings or admin console
  • Type your provider's address yourself rather than using the link
  • Report the email as phishing within your service
  • Delete the email

If you already clicked or replied

  • If you entered your password, change it immediately from a trusted device
  • Enable two-factor authentication on your email
  • Check forwarding rules and sent items for anything you did not set
  • Update the password anywhere you reused it

What not to do

  • Do not log in through the email's link
  • Do not reuse your email password elsewhere
  • Do not ignore a possible email compromise

Similar scams

Medium risk Email

Email Storage Full Scam

This scam warns that your mailbox or storage is full and that you will stop receiving messages unless you 'verify' or 'upgrade' through a link. The link leads to a fake webmail login page that captures your email password.
High risk Email

Microsoft Account Email Scam

This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.
Medium risk Email

SharePoint Phishing Scam

This scam sends a fake Microsoft SharePoint or OneDrive email saying a document has been shared with you, linking to a counterfeit Microsoft login page designed to steal your work email credentials. It is commonly aimed at businesses.

Frequently asked questions

Do email systems hold messages I must release by link?
Some organisations use quarantine, but it is managed in your real email or admin settings, not through an outside link demanding your password. Treat such emails as phishing.
Why target my email login specifically?
Email often controls password resets for your other accounts, so a stolen email password can unlock much more. Protect it quickly.
I entered my password. What first?
Change it right away from a trusted device, turn on two-factor authentication, and check for unfamiliar forwarding rules or sent messages.
How do I check real quarantined mail?
Log in to your email or admin console directly, or contact your IT team, rather than following a link in the warning email.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.