Release Pending Messages Scam Email on Tablet Screen
Home ScamsPhishing Scams ‘Release Pending Messages to Inbox’ Email Phishing Scam

‘Release Pending Messages to Inbox’ Email Phishing Scam

by Brett M. Christensen

According to this “action required” email, you need to click a button to release pending messages to your inbox.

The message, which purports to be from the Microsoft IT Helpdesk, claims that you have undelivered emails due to system delays. Supposedly, clicking the “release pending messages” button will rectify the problem and deliver your emails.

However, Microsoft did not send the message, and the claim about undelivered emails is a lie. 

The email is a phishing scam designed to steal account login credentials. 

Clicking opens a fake “Session Expired” login box, as shown in the second screenshot below. The information you enter will be sent to criminals and used to gain access to your email account. Once they have taken control, the criminals can use your account to distribute scam, spam, and malware emails in your name.

They can also access linked services such as online storage and app stores that use the same login. They may manage to gather sensitive personal information from your account and use it to steal your identity or commit fraud.

In this scam campaign, the criminals have used a clever trick to make their ruse appear legitimate. Clicking takes you to your email address domain and then loads the fake login box as an overlay on the site. 

For example, if you use a Microsoft or Gmail email account, the genuine Microsoft or Google website will load in your browser with the fake login box displayed on top. The box even captures and shows the site’s logo. This trick could help to convince victims that the email is genuine.

In the example shown below, the fake login box is displayed as an overlay on my own Hoax-Slayer website since the scammers sent the email to a Hoax-Slayer address.   

There are many versions of these email phishing scams. Be wary of any message that purports to be from your email service provider and claims that you must click a link to rectify a supposed problem. 

Instead of clicking a link, you can log in to your email account via your web browser or email app as you normally would. If there really is a problem with your account, you will most likely see an internal message after you have logged in. 

Microsoft has published information about phishing attacks on its support website. 

Screenshot of the release pending messages scam email:

Pending Messages Phishing Email

Screenshot of the scam login page:

Pending Messages Scam Login

 

Transcript of the scam email:

Subject:  Action required – Review Alerts Summary
From: IT Helpdesk

Microsoft
catch@[].com
You have [9] undelivered mails on (12th March 2021).
This was caused due to system delays.
Rectify Below:
Release pending messages to inbox
You received this email to let you know about important changes to your Email Account and services.
© 2021 Microsoft, One Microsoft Way, Redmond, WA 98052, USA

 



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer