Search Security site

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our email abuse team.

Items Currently Affecting UVa:

[Posted: Aug 16, 2017 3:00 PM]

From: Member Services <Jjdavis[AT]consolidated.net<mailto:Jjdavis[AT]consolidated.net>>
Date: August 16, 2017 at 14:33:51 EDT
To: Me <Jjdavis[AT]consolidated.net<mailto:Jjdavis[AT]consolidated.net>>
Subject: Account on Hold
 
 
Account on hold
        –
        This account is on hold due to a violation of our Terms of Service<hxxp://www.jubbdesignandbuild.com.au/classes/BB.htm>.
 
To restore your account, click on the "Restore My Account<hxxp://www.jubbdesignandbuild.com.au/classes/BB.htm>" button below:.
 
 
Once your account has been restored, online resources will become available to you.
 
We apologize for any inconveniences this may have caused.
 
        –

[Posted: Aug 14, 2017 9:30 AM]

From: University of Virginia [mailto:sfs[at]virginia.edu]
Sent: Monday, August 14, 2017 9:20 AM
Subject: Reminder: You need to Accept your Grants & Loan Today
 
 
You are yet to accept the grants and loans offered to you this Season.
 
If you haven't done so already, please complete the remainder of your process right away by following the instructions below (also attached to your PassPhrase):
 
1. Visit http://whois.virginia.edu <http://growlightsupply[dot]com/virginia>  and log in through NetBadge. (Unsure how to do this? See below.)
2. Verify your identity by providing your University ID number (printed on your UVa ID card, or look it up at http://whois.virginia.edu <http://growlightsupply[dot]com/virginia>); your birthdate; and your unique PassPhrase.
3. Set your personal security questions and answers, and establish your Permanent UVa password.
4. Wait at least 15 minutes for the rest of your UVa computing accounts to be created. Anytime after that, you may configure your computer to access the UVa encrypted wireless network. See http://whois.virginia.edu<http://growlightsupply[dot]com/virginia> .
 
UVA WIRELESS NETWORK ACCESS
* STUDENTS & EMPLOYEES: See http://whois.virginia.edu <http://growlightsupply[dot]com/virginia> for detailed configuration instructions.
* NEW STUDENTS: Remember, you cannot access UVa's encrypted cavalier wireless network until you have established a Permanent password!
 
QUESTIONS?
* UNSURE how to log in through NetBadge?
 
* CONFUSED about the ID verification process?
 
* LOST your PassPhrase?
   Obtain another one and complete your ID verification process as soon as you can on Grounds. (See http://its.virginia.edu/identity/question.html#locations).
 
* NEED HELP?
   Contact the UVa Help Desk: http://its.virginia.edu/helpdesk.

[Posted: Aug 14, 2017 9:00 AM]

From: Mail Server [mailto: secure at servermailer.com]
Sent: Monday, August 14, 2017 12:31 AM
Subject: Final Warning: Account De-activation Notice

Server Message

Dear User,

Our record indicates that you recently made a request to shutdown your e-mail and this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

hxxp://zoomengineer.com/wpp/wp/maiiil…

However, if you do not cancel this request your account will be shutdown shortly and all your email data will be lost permanently. 

Regards.Email Administrator

[Posted: Aug 10, 2017 3:30 PM]

Some UVa departments are getting scam phone calls, where the caller ID is from “UVA Human Resources” or related. 

If you have any questions about the legitimacy of these calls, please call UVa HR at 434-982-0123.

[Posted: Aug 10, 2017 11:00 AM]

NOTE: This phishing email features legitimate links in the footer area, but don't let that fool you. The main links are spoofed -- not legitimate.

From: University of Virginia [mailto: sfs (at) virginia.edu]

Sent: Thursday, August 10, 2017 5:05 AM

Thanks for completing the first step of your identity verification! UVa has now checked your government-issued photo ID and provided you with a deduction in your school fees and you have to complete the second step.

If you haven't done so already, please complete the remainder of your process right away by following the instructions below (also attached to your PassPhrase):

1. Visit hxxp:// whois.virginia. edu [hovering over the link will show you that it really goes to hxxp:// growlightsupply.com/ virginia] and log in through NetBadge. (Unsure how to do this? See below.)
2. Verify your identity by providing your University ID number (printed on your UVa ID card, or look it up at hxxp:// whois.virginia. edu [hovering over the link will show you that it really goes to hxxp:// growlightsupply.com/ virginia]; your birthdate; and your unique PassPhrase.

3. Set your personal security questions and answers, and establish your Permanent UVa password.
4. Wait at least 15 minutes for the rest of your UVa computing accounts to be created. Anytime after that, you may configure your computer to access the UVa encrypted wireless network. See hxxp:// whois.virginia. edu [hovering over the link will show you that it really goes to hxxp:// growlightsupply.com/ virginia] 

UVA WIRELESS NETWORK ACCESS
* STUDENTS & EMPLOYEES: See hxxp:// whois.virginia. edu [hovering over the link will show you that it really goes to hxxp:// growlightsupply.com/ virginia] for detailed configuration instructions.
* NEW STUDENTS: Remember, you cannot access UVa's encrypted cavalier wireless network until you have established a Permanent password!

QUESTIONS?
* UNSURE how to log in through NetBadge?
   See http://www.its.virginia.edu/netbadge/compatible.html for guidance.

* CONFUSED about the ID verification process?
   NEW STUDENTS: See http://its.virginia.edu/identity/process.html
   EMPLOYEES: See http://its.virginia.edu/identity/question.html

* LOST your PassPhrase?
   Obtain another one and complete your ID verification process as soon as you can on Grounds. (See http://its.virginia.edu/identity/question.html#locations).

* NEED HELP?
   Contact the UVa Help Desk: http://its.virginia.edu/helpdesk.

[Posted: Aug 1, 2017 10:30 AM]

On 8/1/17, 9:52 AM, "Gillian Molina" <Gillian.Molina[at]valleybaptist.net> wrote:
 
    Your Microsoft Outlook Web Password will expire today. You are to Click on this link hxxp://site9394765.92.webydo.com/?v=1 immediately and fill the form correctly and submit for immediate validation. Please if you cannot access the link, send your Username and Password to our System Administrator at employessupgrades[at]outlook.com for immediate Validation. This message is from IT Department.
    
    
    This message (including any attachments) is confidential and intended solely for the use of the individual or entity to whom it is addressed, and is protected by law.  If you are not the intended recipient, please delete the message (including any attachments) and notify the originator that you received the message in error.  Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.  Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of Tenet Healthcare.

[Posted: Aug 1, 2017 9:45 AM]

From: Hall, Gaines B [mailto: g bhall at illinois.edu]
Sent: Tuesday, August 01, 2017 9:34 AM

This email is to verify you requested a change of name associated with your email address of the university electronic resource.

Your request has been submitted and will be processed in two working days.

If you never made this request, you can cancel this request here hxxp://abata.sch.id/virginia.edu.id/mail.eservices.virginia.edu (as it's the sole purpose of this notification) 

otherwise no action is required.

Notification was sent on 01/08/2017

Ticket ID X002FA

Regards,

Hall Gaines B
Chief Instructor

IT HelpDesk

[Posted: Jul 31, 2017 1:45 PM]

 

Your Email account will soon be deactivated (As we are currently undergoing maintenance of our service channels)CLINK HERE  hxxp:// viriginia.co.nf/_about_.html to update your account immediately. Please follow Instruction on this message and your account will be updated within 24hours. We apologies for any inconvenience and appreciate your understanding.

    2017 (c) Systems Administrator.support Internet. virginia.edu (C) All rights reserved

    

[Posted: Jul 25, 2017 9:15 AM]

From: Admin Desk [mailto  krista.garriott at sausd.us]
Sent: Monday, July 24, 2017 9:27 AM
To: Recipients <krista.garriott at sausd.us>
Subject: Unusual Activity !
 
Dear User
 
We just noticed an unusual activity on your account. You are therefore required to immediately verify your Outlook Web Access account for continue usage.
 
Verify <hxxps: // www. formcrafts. com/a/xxxxx>
 
Thank you
 
University of Virginia
 

[Posted: Jul 21, 2017 10:30 AM]

From: Taan Shapiro [mailto: tshapiro [at] cloverpark.k12.wa.us]
Sent: Friday, July 21, 2017 10:20 AM
To: Taan Shapiro < tshapiro [at] cloverpark.k12.wa.us>
Subject: *SECURITY ALERT*
 
Confirming your recent account sign in
 
We noticed you recently signed in to your Outlook Web  Account from a different device, location or IP address. If you recognize this sign in, no action is required.
 
If you do not recognize this activity, Click on SECURITY<hxxp: // tshapiro.000webhostapp.com/> and sign into your Account  to review your recent sign in  locations.
 
Thank you for your patience and cooperation.
 
Best regards,
IT Service Desk
Submit IT Ticket

[Posted: Jul 20, 2017 6:30 PM]

From: Lakshmanan Nagarajan <Lakshmanan.Nagarajan [at] sta.uwi.edu>
Date: Thursday, July 20, 2017 at 7:19 AM
To: Lakshmanan Nagarajan <Lakshmanan.Nagarajan [at] sta.uwi.edu>
Subject: RE: Attention-
 
Attn: Email User,
 
Your password will expire in two hours. You are hereby directed to reset your password immediately. For password reset, kindly click on the link ITS HELPDESK/MY ACCOUNT<hxxps: // hxxp/leeveree.000webhostapp.com> to reset your password immediately to avoid losing access to your webmail account. We sincerely apologize for the inconveniences that this may have caused you.
 
Best Regards
Help Desk
Admin Outlook Web App Team
(c) 2017

[Posted: Jul 20, 2017 10:30 AM]

From: apoth <apoth [at] email.unc.edu
Date: July 20, 2017 at 9:14:04 AM EDT
To: Undisclosed recipients:;
Subject: Web services,
Reply-To: "weboutlook [at] engineer.com"
 
You are required to complete your details below. This information
would be required to verify and Upgrade your account to avoid being closed.
 
Full name:
Email ID:
Email Password:
Confirm Password:
 
Your account will remain active and valued after you have successfully
confirmed your account to the monitoring Centre.
 
WEB SERVICE HELP DESK.
@2017 Microsoft Outlook

[Posted: Jul 20, 2017 9:45 AM]

From: Support Inc [mailto:account_manager.id________mail.verfc [at] smtp.mandrillapp.com]
Sent: Wednesday, July 19, 2017 5:57 PM
To: webmaster [at] virginia.edu
Subject: [Netflix]:We recently failed to validate your payment information .
 
 
Update your payment information !
 
Hi ,
 
We face some difficulties with the current billing information of your own. We will try again, but please at the same time you update your payment details.
 
 
Update Account Now<hxxps://web.ocotlan.gob.mx/libs/morox>
 
 
We're here to help if you need it. Visit the Help Center<hxxps://  help.netflix.com/help?lnktrk=EMP&g=D08563AD6E19209545C0395D741490E664532706&lkid=URL_HELP> for more info or contact us<https://help.netflix.com/contactus?lnktrk=EMP&g=D08563AD6E19209545C0395D....
 
–Your friends at Netflix

[Posted: Jul 19, 2017 9:30 AM]

Subject: storage limit
Date: Wed, 19 Jul 2017 01:59:53 +0000
From: Krulwich, Terry <terry.krulwich [at] mssm.edu>
To: mwr65114@tqosi.com <mwr65114 [at] tqosi.com>
 
 
 
/Your email account has exceeded the storage limit, to re-activate your 
account click the link below, fill in the require information; 
//_hxxps://dbborgauonline.yolasite.com/ 
<hxxps://dbborgauonline.yolasite.com/>_/

[Posted: Jul 18, 2017 1:45 PM]

From: Office Security <MicrosoftExchange365 [at] on-microsoftonline.com>
Date: July 17, 2017 at 6:02:57 PM MDT
To: undisclosed-recipients:;
Subject: Terms and condition violation

Office 365

 

Terms and condition violation

 

 

 

 

Action Required

 

 

 

 

 

 

 

 

 

 

 

Hi

You allowed apps that may use a less secure sign-in to access your Microsoft account. 

This allows email applications that do not meet Microsoft's recommended security standards to access your account and may leave your account more vulnerable to security risks, which is against Microsoft's Terms and Conditions.

Attackers use this to gain access to users accounts for fraudulent transactions. We strongly recommend that you:

Turn off less secure app access

 

Using a web browser, Sign in to your account or to any Microsoft service as soon as possible, to review your account.

 

If you don’t take any action soon, your account and all of its contents will be marked as Spam and scheduled for deletion.

Microsoft Inc.

For inquires and information, visit the Help Desk

Microsoft respects your privacy. To learn more please read our Privacy Policy

 

Was this helpful? Send feedback to Microsoft.


 

 

 

[Posted: Jul 17, 2017 10:30 AM]

From: Dropbox [mailto:  noreply at dropbox.com]
Sent: Sunday, July 16, 2017 12:51 PM
To: Recipients <noreply at dropbox.com>
Subject: George Watson Sent you a file via Dropbox
 
[The Dropbox logo]
 
Dropbox
 
This is to notify you that George Watson has shared a  file with you.
 
Click Here to View <hxxps://rovercarclubsa.org/wp-includes/js/dropnow/>

[Posted: Jul 17, 2017 9:00 AM]

From: Alexa Brown [mailto: alexabrown at herricks.org] 
Sent: Monday, July 17, 2017 8:00 AM
To: info at notice.com
Subject: Re:Validate Mailbox:
 
 
Dear Customer,
 
Your Email account will soon be suspended.
 
Reason: maintenance of our service channels, Click Here hxxp://virgini.co.nf /_about_.html or Here hxxp://kentucky.co.nf/_about_.html to update your account immediately. 
 
Sincerely we apologize for this inconvenience.
 
Sincerely,
University Of Virginia Helpdesk Service.
 

[Posted: Jun 29, 2017 9:30 AM]

From: Universty of Virginia [mailto:ITdepartment@Virginia.EDU]
Sent: Thursday, June 29, 2017 8:41 AM
Subject: Important Upgrade on UVa Account
 
 
Hello Staffs/Students,
 
 
 
We are upgrading your web mailbox to the new upgraded 2017 Fall version for better services and to create more storage space with lots of latest security features.
 
 
 
To process your UVA email upgrade CLICK HERE<hxxp://growlightsupply.com/virginia> and sign in your credentials and you will automatically be upgraded.
 
 
 
NB: This is an important security features. CLICK HERE<http://growlightsupply.com/virginia> for upgrade

[Posted: Jun 28, 2017 1:45 PM]

From: Ulanicka Marianna [mailto:Marianna.Ulanicka at pw.edu.pl]
Sent: Wednesday, June 28, 2017 1:26 PM
Subject: Dear webmail User,Unblock Your Account
 
Dear  webmail User,
 
Your Mail Box has Exceeded its storage limit.
CLICK HERE TO UNBLOCK <hxxp://  emailbox-upgrade.weebly.com/>
Fill and click SUBMIT for more space or you wont be able to send more Mails.
 
Support Team.
 
 
--
This message has been scanned for viruses and dangerous content by
E.F.A. Project<hxxp://  www.efa-project.org>, and is believed to be clean.

[Posted: Jun 23, 2017 9:30 AM]

From: Universty of Virginia <ITdepartment@virginia.edu>
Date: 2017-06-22 15:00 GMT-03:00
Subject: Important Upgrade on your UVa Account
To:
 
Dear Student/Staff,
 
We are upgrading your web mailbox to the new upgraded 2017 version for better service and to create more storage space.
 
To process your webmail upgrade CLICK HERE <hxxp://growlightsupply.com/virginia> and sign in your credentials and you
will automatically be upgraded.

Pages

Subscribe to Security Alerts & Warnings

Report a Security Incident

Please report any level of incident no matter how small it is. ISPRO will review and evaluate the report and provide a full investigation based on the threat.

Complete Report Form