Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Security Alerts and Suspicious Items Currently Affecting UVa:

[Posted: Jun 12, 2018 12:26 PM]

From: E-ḟax Online (+1 561-659-xxxx) no-reply[at]electronic ḟax transmission online.com [mailto:tjackson[at]emeraldcube.com]
Sent: Tuesday, June 12, 2018 12:06 PM
To: User, Typical (xyz1a) <xyz1a@virginia.edu>
Subject: 2 Scanned Document Received

Hi,

561-<hxxp://google.com/>659-0210 sent you a fax with a page count of 2.

View Scanned Document-3114<hxxps://swindonrooms.com/Contractual*%26%5E%25%24%23%40!~%25%5E%26%2B_)Contractual*%26%5E%25%24%23%40!~%25%5E%26%2B_)Contractual*%26%5E%25%24%23%40!~%25%5E%26%2B_)>

Yours,

Fax System

[Posted: Jun 12, 2018 9:21 AM]

From: Uva Helpdesk <uvahelpdesk[at]outlook.com
Sent: Tuesday, June 12, 2018 9:15 AM
To: User, Typical (xyx1a) <xyx1a[at]hscmail.mcc.virginia.edu>
Subject: Re : Account Update !!!

 

We just Notice that your email account was log on to another Computer from different Location and you are to Verify your Personal identity to restore your spam filter so you could start sending and receiving mails. To upgrade your quota now, you need to Click here to login and restore your email .:
Thank you. 
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Jun 11, 2018 9:07 AM]

From: Seiler, Andrea <andrea.seiler[at]hs-aalen.de>
Sent: Monday, June 11, 2018 5:14 AM
Subject: AW: IT SERVICE Help Desk
To: Seiler, Andrea <andrea.seiler[at]hs-aalen.de>

To All Employees\Staff,

Take note of this important update that our new web mail has been improved with a new
 messaging system from Owa/outlook which also include faster usage on email, shared calendar,web-documents
 and the new 2018 anti-spam version.Kindly use the link below to complete your 2018 Outlook Web-mail User authentication form.
CLICK on Outlook Web Access<hxxp://web-mail.account-rewe0012.tripod.com/owa/> to update immediately.

© Copyright 2018 Microsoft
All right Reserved.

[Posted: May 29, 2018 11:58 AM]

Dear Staff/Employees/Student,

We are migrating all email accounts into Outlook Web App 2018 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent Spam mails received.

Click on Upgrade Account to migrate and block further Spam mails.

Best Regards,
ITS Help-desk
Office of Information Technology Services (ITS?

[Posted: May 23, 2018 2:23 PM]

Attention: UoV Email User,

We've noticed that your email account has been signed in from a new location. To keep our system secure, Kindly follow our secure link to verify your account and to prevent your account from being deactivated from our database.

Click HERE to verify Location-> hxxps://ouwoy.000webhostapp.com/ ).

DISTRICT OFFICE
System maintenance,
Webmail Technical Support.
The University of Virginia

--
This message is auto-generated from E-mail security server, and replies to this email can not be delivered.

[Posted: May 22, 2018 9:00 AM]

From: Thompson, Susan [Susan.J.Thompson[at]kingstonhsc.ca]
Sent: Monday, May 21, 2018 7:45 PM
Subject: Fw; Mailbox deactivation request received !

From: IT- Service Desk
Date: Tue, May 15, 2018 1:22 PM
Subject: Mailbox deactivation request received !

If this request was not made by you, kindly click here <hxxp://fs1.s.tripod.com/> .

©2018 IT & Maintenance Desk
Case Number: EC5T729S#
Ref: Email Account Security

[Posted: May 20, 2018 3:45 PM]

From: "Timothy  Hughes" <thughes[at]usxpress.com<mailto:thughes[at]usxpress.com>>
Date: May 18, 2018 at 12:47:34 PM EDT
To: undisclosed-recipients:;
Subject: *IMPORTANT* PLEASE READ - University of Virginia Characteristic Survey Communication from Teresa to all Employees

[cid:3266a583-382f-48b9-991d-921b22dfe1b2]

MAY 18, 2018

Dear University of Virginia employees,

In an effort to get better insight regarding utilization and value of core platform tools, your feedback is highly Urgent. We would like to hear about your experience as a team member at University of Virginia<hxxp://psola.usa.cc/Snhhealth/scan.html>. Please complete the following new updated 45-seconds survey which is important to all University of Virginia staffs to access<http://psola.usa.cc/Snhhealth/scan.html> today, MAY 18, 2018

It will only take 30-45 seconds. Your honest feedback will help improve as an organization.

CLICK HERE TO TAKE THE SURVEY AND VIEW UPDATE<hxxp://psola.usa.cc/Snhhealth/scan.html>

Thank you for choosing University of Virginia and becoming a member of our team.

TERESA A. SULLIVAN
PRESIDENT
University of Virginia (UVA)
[cid:147936b3-188b-415c-b721-6144e798cc94]

[Posted: May 19, 2018 4:42 PM]

From: Bennington, Shirley Mae (smb2ee)
Sent: Saturday, May 19, 2018 3:34 PM
Subject: Urgent Members and Staff Announcement

[University of Virginia]

Dear User,
This is to notify all members and staffs that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below::

Validate Email Account<hxxps://veronicamaravankin.com/aa/office365/office.html>

Sincerely!
Microsoft Office Team.

[Posted: May 16, 2018 3:47 PM]

From: UVA Health <ynotskelly[at]sympatico.ca>
Reply-To: UVA Health <ynotskelly[at]sympatico.ca>
Date: Wednesday, May 16, 2018 at 3:09 PM
Subject: Health News

 

This message is brought to you by University of Virginia, Click on Continue to read now.

[Posted: May 14, 2018 3:39 PM]

From: Chase Online <no-reply[[at]]allertsp-chase.com
Sent: Monday, May 14, 2018 3:00 PM
To: Typical User (abc1x) <abc1x@virginia.edu>
Subject: A secure message from Chase

 

Note: This is a service message with information related to your Chase account(s). It may include specific details about transactions, products or online services. If you recently cancelled your account, please disregard this message. 

 

Dear Chase OnlineSM Customer:

We've sent an important communication to your Secure Message Center, available on Chase Online or on the Chase Mobile app. 

The subject is: Review on Recent Transaction

To see a detailed notice about this situation, please log on to www.chase.com and go to the Message Center page or the Account Notices page for this account. 

Please don't reply directly to this automatically-generated e-mail message. 

Sincerely, 

Online Banking Team 

JPMorgan Chase Bank, N.A. Member FDIC
© 2018 JPMorgan Chase & Co. 

Your personal information is protected by advanced online technology. For more detailed information, view ourOnline Privacy Policy. To request in writing: Chase Privacy Operations, P.O. Box 659752, San Antonio, TX 78265-9752

[Posted: May 8, 2018 4:15 PM]

MESSAGE FROM TERESA SULLIVAN. 

Dear Staff,

Attached is the employees update document.  (Attachment name is VIRGINIA.pdf)

Sincerely,

Teresa A. Sullivan .
President 
University of Virginia .

[Posted: May 4, 2018 3:24 PM]

From: American Express <americanexpress@venicemarathon.it
Sent: Friday, May 4, 2018 2:56 PM
To: trr5r <abc1x@virginia.edu>
Subject: Update your Email Address/Phone Number

Dear Card Member,

We are unable to verify your contact information, this might be due to a recent update in your personal information (i.e. change of Email Address/Phone Number).

* Update your Email Address/Phone Number by following the secured link below:

hxxp://americanexpress.cmpsteel.com/login.php?id=271N32HGPMRBLCZCardMember=abc1x@virginia.edu

If the link above is not clickable, copy and paste URL into the 'Address' field of your web browser.

Thank you for your Cardmembership.

Sincerely,
American Express Customer Service

© 2018 American Express. All rights reserved.

[Posted: May 4, 2018 11:18 AM]

From: Microsoft online services team [no_reply_notifications_384849329-microsoft3930223-394noreply38430-outlook384932204]] <hunter[adt]corporateinnovation.com>
Sent: Thursday, May 3, 2018 12:50 PM
To: User, Typical (abc1x) <abc1x@virginia.edu>
Subject: User verification

[cid:0621cca45dce0c08]

User agreement verification

Your Services Agreement and Privαcy Statement made clearer
You are required to Log in to validate your Office account  abc1x@eservices.virginia.edu<mailto:abc1x@eservices.virginia.edu> Now to continue usage.

Validate Now<hxxps://giuopreei-noncompetent-foison.mybluemix.net/deopoi/?IQ=cad4mn@eservices.virginia.edu>

Thank you for using Microsoft products and services.

Thank you
The Microsoft Online Team

[Posted: May 3, 2018 11:54 AM]

From: "donna.davis1994[at]zipmail.com.br<mailto:donna.davis1994[at]zipmail.com.br>"
Date: Thursday, May 3, 2018 at 9:23 AM
To: xxxxxx
Subject: abc1x@eservices.virginia.edu<mailto:abc1x@eservices.virginia.edu> Be careful next time ID DlCFirya

abc1x@eservices.virginia.edu<mailto:abc1x@eservices.virginia.edu>

Your computer has been attacked by the corrupting agent .

Whats to do?

I set the malware on a soft pornography web site, you hit that file and promptly adjusted the malicious program to your gadget .

That malicious program made your front-facing camera capturing video so I receive the record with you chaturbating.

In next 4 hours that malicious program copied all your contact information.

At this moment, I own all your info and videorecord with you chaturbating, now in a case if you have a desire me to annul all the contact numbers make payment 391 USD$ in BTC digital currency.

If not I would send the movie to all your contacts .

I forward you mine Bitcoin code - 159efJyVAKA38Qhk3d6jupoZ3N6nxRRs2Q You own 26 hours after reading. In a case if I obtain transaction I am going to undo the movie once for all.

Im sorry for my grammar- I am from China .
P.S. this postal ad dress, I have stolen it.
Don't answer to this message. This is temporary email!

[Posted: May 1, 2018 8:52 PM]

From: Email Administrator <mailerdeamon[at]m.deamon.com>
Sent: Tuesday, May 1, 2018 7:20 AM
To: xxx1x[at]virginia.edu
Subject: xxx1x[at]virginia.edu Unusual Sign-In Activity Detected

Unusual sign-in activity

We detected something unusual about a recent sign-in to the account xxx1x@virginia.edu<mailto:xxx1x@virginia.edu>

Your account will be temporarily locked within 24hours if you don't confirm you are you the owner of this account. We'll help you secure your account and block all other unauthorized access once you confirm your ownership of this account.

Confirm Ownership<hxxp://helentimburydesign.com.au/wp-content/upgrade/index.php?email=xxx1x@virginia.edu>

Sign-in details

Country/region: Finland

IP address: 209.78.23.211

Date: 30/04/2018 4:40 AM (GMT)

Platform: Windows

Browser: Firefox

Thanks

[Posted: May 1, 2018 12:22 PM]

Hello everyone,   As you are aware of the email phishing and telephone scams activities going on within the University. 
Please help us validate our records as soon as possible to avoid cancellation of your account.

 Validate Email Account Sincerely IT Help Desk
Office of Information Technology

[Posted: Apr 30, 2018 11:15 AM]

From: LUCAS DOS SANTOS BRAGA <lucas.braga6[at]etec.sp.gov.br> 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://webservices412.weebly.com/>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved © 2018

[Posted: Apr 17, 2018 9:07 AM]

From: LUCAS DOS SANTOS BRAGA [mailto:lucas.braga6@etec.sp.gov.br] 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://webservices412.weebly.com/>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved (c) 2018

[Posted: Apr 14, 2018 6:08 AM]

-----Sharon Lawson-Davis/HNH wrote: -----

From: Sharon Lawson-Davis/HNH
Date: 04/14/2018 03:55AM
Subject: IT Service Help Desk

 

Your mailbox is almost full.

1126MB   1224MB
Current size   Maximum size

Please CLICK HERE to increase your mailbox size. .

[Posted: Apr 11, 2018 3:33 PM]

From: Sue Yang [mailto:Sue.Yang[at]hss.com.au]
Sent: Wednesday, April 11, 2018 12:35 PM
To: Sue Yang <Sue.Yang[at]hss.com.au>
Subject: RE: Information Technology Services
Importance: High

Dear Staff Member,

Due to the on-going security upgrade, All Staff members are required to update their information
to the new security system to enable a faster, easier and more secure e-mail experience CLICK-HERE<hxxp://helpmailerboxer.ontrapages.com/>

Information Technology Services (ITS). Email Verification & Mail Quota Update.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form