Information Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.
Regarding Suspicious Email Alerts
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.
Security Alerts and Suspicious Items Currently Affecting UVa:
[Posted: Aug 21, 2018 11:53 AM]
From: DocuSign <alerts.nr1[at]docusign.net>
Sent: Tuesday, August 21, 2018 11:43 AM
To: Typical User <xyz1a[at]virginia.edu>
Subject: re:Electronic-signature Required.
Dear Typical User <xyz1a[at]virginia.edu>,
You have received this email (Form.pdf ) due to a request for your signature, please verify its validity then electronically sign rightaway
Click Here To e-Sign<hxxps://redparque.org/w3bapi/docxsigna_app>
Unsigned Documents are removed from our system within 24 - 48 Hours.
The DocuSign Team
[Posted: Aug 21, 2018 9:54 AM]
[Posted: Aug 20, 2018 4:31 PM]
From: Admin Account Security <servis@[at]t-net.cz>
Sent: Monday, August 20, 2018 3:24 PM
To: Typical User (xyz1a[at]virginia.edu)
Subject: Termination of Account In Progress [proceed to restore back]
We received some notifications regarding your account
Your mailbox has exceeded its mail-quota and is due for upgrade.
Upgrade Mail to 10/GB for free <hxxps://email@example.com>
* Ignorance will lead to account temporary de-activation, as you have exhausted 75% of your allocated data.
We will not be responsible for any loss of data or emails after receiving this verification an we get no response from you.
Admin Help Desk.
[Posted: Aug 20, 2018 12:51 PM]
From: Ritchie Singletary <rsingletary[at]garney.com>
Sent: Monday, August 20, 2018 11:31 AM
Subject: Payment Notification
SUBJECT: Secure Payment
DATE OF EXPIRY: 29th Aug 2018
A notification has been sent via "Secure Folder"
This e-mail message is intended only for named recipients. It contains information that may be confidential, privileged, or otherwise exempt from disclosure under applicable law. If you have received this message in error, are not a named recipient, or are not the employee or agent responsible for delivering this message to a named recipient, be advised that any review, disclosure, use, dissemination, distribution, or reproduction of this message or its contents is strictly prohibited. Please notify us immediately that you have received this message in error, and delete the message. Thank you. Visit us on the web at http://www.Garney.com
[Posted: Aug 20, 2018 9:38 AM]
From: Fiona Sturgeon <Fiona.Sturgeon[at]moray.gov.uk>
Subject: Employee & Staff Screening Update
Date: August 18, 2018 at 7:03:28 AM EDT
To: Fiona Sturgeon <Fiona.Sturgeon[at]moray.gov.uk>
Dear Colleague, All staff/Employee email address will be transitioned from Microsoft Outlook email to Google’s Gmail. CLICK HERE <hxxp://www.owaimailupgarde.flazio.com/home?r=471047> Fill and Submit to Update or You can’t send Mail
[Posted: Aug 20, 2018 9:34 AM]
From: Virginia.edu Validation Team <qrehman[at]uoh.edu.pk>
Sent: Saturday, August 18, 2018 2:24 AM
To: IllimitableUC <illimitable[at]virginia.edu>
Subject: Please verify account to continue.
This mail is from a trusted sender.
Unsubscribe <hxxps://desanctisedilizia.it/.6%409Y*y-U_2/.*0-%40u09%40ertu%40*?email=illimitable[at]virginia.edu> now to stop receiving this important notification message.
Please complete ownership confirmation to verify and re-validate account ownership,and securely upgrade to a more secured platform.
NOTE: Virginia.edu will not be responsible for any online theft,or mail malfunction after this warning and no verfication response
2018 (c) Virginia.edu Data. - This email was sent to illimitable[at]virginia.edu<mailto:firstname.lastname@example.org>.
Please do not reply to this email. This auto-mailbox is not monitored and you will not receive a response.
[Posted: Aug 19, 2018 6:42 PM]
Dear Webmail User
Our Webmail IP Security service discovered irregular Log-in attempts on your email account from IP location (18.104.22.1684). and also been used to send out spam messages as against our policy. For security purpose we will be closing down this Account unless you click or copy the link below to re-validate your mailbox for verification username and password.
We strongly advice you not to share your password with anyone for your Email security purpose.
Thank you for using this Webmail services.
©2018 Office Information Center.
All rights reserved.
[Posted: Aug 10, 2018 10:57 AM]
From: Birchler, Bill C (wcb6c)
Sent: Friday, August 10, 2018 10:43 AM
To: User, Typical (xyz1a)
Subject: Birchler, Bill C. shared a document with you.
[Posted: Aug 3, 2018 7:08 PM]
From: "Ngo, Duc Anh (dan9k)" dan9k[at]virginia.edu
Date: August 3, 2018 at 17:43:53 EDT
To: "User, Typical (xyz1a)" xyz1a[at]virginia.edu
Subject: Re : Urgent Account Updated !!!
This mail is to notify the Student,faculty & staff of UNIVERSITY OF VIRGINIA that your account is being logged in from another Computer kindly Click here<hxxps://uva-account-update.godaddysites.com/> in order to verify your account to keep it active.
[Posted: Aug 3, 2018 7:02 PM]
Sent: Friday, August 3, 2018 2:49 PM
Subject: OUTLOOK WEB APPLICATION
ITS will be performing maintenance 10:00 pm today 03/08/2018 on both Self-Service Banner and you are required to update your mailbox before the said maintenance by clicking UPDATE<hxxps://mailapp.godaddysites.com> in order for us to fully materialize the maintenance of the following below:
* Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)
* VPN Access from outside the district
* Wireless Network or Internet Access from laptops or tablets
* E-mail-via Outlook, Outlook Web, and Smartphones
* Adobe Connect
* Online employment application system
* Nutrition Services MCS and PCS
If you have any questions please contact the OUTLOOK WEB Help Desk at extension 7892.
Information Services Department
CONFIDENTIALITY NOTICE: This email, including any attachments, is confidential and may be privileged. If you are not the intended recipient please notify the sender immediately, and please delete it; you should not copy it or use it for any purpose or disclose its contents to any other person. GHD and its affiliates reserve the right to monitor and modify all email communications through their networks.
[Posted: Aug 3, 2018 4:08 PM]
From: Yazdkhasti, Hossein (hy3u) <hy3u[at]virginia.edu>
Date: Fri, Aug 3, 2018 at 3:37 PM
Subject: Re : Urgent Account Update !!!
To: "User, Typical (xyz1a)" <email@example.com>
We just Notice that your email account was log on to another Computer from
different Location and you are to Verify your Personal identity to restore
your spam filter so you could start sending and receiving mails. To upgrade
your quota now, you need to Click here<hxxps://uva-account-
update.godaddysites.com/> to login and restore your email .:
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.
[Posted: Aug 3, 2018 2:04 PM]
From: Caroline Stedman <Caroline.Stedman[at]fonterra.com
Sent: Friday, August 3, 2018 1:16 PM
Subject: Important Notice
Your mailbox is almost full.
Please <hxxp://james19is.form2pay.com/203099.html> CLICK HERE to Increase
your mailbox size. and to upgrade to the new Microsoft Outlook Web App. Your
current Webmail is out of date
Outlook Web App Team.
This email contains information that is confidential and which may be
legally privileged. If you have received this email in error, please notify
the sender immediately and delete the email. This email is intended solely
for the use of the intended recipient and you may not use or disclose this
email in any way.
[Posted: Aug 2, 2018 2:04 PM]
From: Highly-place UVa Official firstname.lastname@example.org
Sent: Thursday, August 2, 2018 11:17 AM
To: UVa Employee In Highly-Placed Official's Unit
Subject: Hi you
Are you in the office ? I have an assignment i need you to do for me.I am in a meeting right now okay and i won't be able to take calls at this moment
[Posted: Aug 2, 2018 12:29 PM]
From: Irene Roberts [mailto:irene.roberts[at]paediatrics.ox.ac.uk]
Sent: 02 August 2018 16:05
To: Dev Gangjee <email@example.com<mailto:dev.gangjee@[at]aw.ox.ac.uk>>
Subject: Irene Roberts shared a document with you.
Here's the document that Irene Roberts shared with you.
[Image removed by sender.]
This link only works for the direct recipients of this message.
[Image removed by sender.]
[Image removed by sender. Microsoft]
Microsoft respects your privacy. To learn more, please read our Privacy Statement.<https://eastus2r-notifyp.svc.ms:443/api/v1/tracking/method/Click?mi=3Dnn...
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
[Posted: Jul 30, 2018 11:32 AM]
From: Allan Stam <dblamesinc[at]gmail.com>
Date: Jul 30, 2018 8:49 AM
Subject: Message from Dean Allan
To: "Typical User (mst3k[at]virginia.edu)
I have invited you to join the " Frank Batten School of Leadership and Public Policy" joint folder, Sign in<hxxps://lipawl.usa.cc/ckl/index.php> to join.
Frank Batten School of Leadership and Public Policy
[Posted: Jul 30, 2018 10:44 AM]
From: Robert Pianta <dblamesinc[at]gmail.com<mailto:dblamesinc[at]gmail.com>>
Sent: Monday, July 30, 2018 9:11 AM
To: Typical User (xyz1a) <firstname.lastname@example.org<email@example.com>>
Subject: Message from Robert Pianta
I have invited you to join the "Curry School of Education" joint folder, Sign in<hxxps://clobin.usa.cc/vhu/index.php> to join.
Curry School of Education
[Posted: Jul 30, 2018 9:55 AM]
Library Account Expiration
|University of Virginia Libraries|
This message is to inform you that your access to library account will soon expire. You willhave to login to your account to continue to have access to this service. For this purpose, click the web address belowor copy and paste it inot your web browser. A successful login will activate your account and you will be redirected to library homepage.
If you are not able to login, please contact helpdesk[at]virginia.edu for immediate assistance
If you have any questions please check with the library in question from the following list:https://www.library.virginia.edu
You can view the library's fines policies at http://answers.lib.virginia.edu/
The University of Virginia is a charitable body,
with registration number SC014336.
[Posted: Jul 25, 2018 11:05 AM]
[Microsoft Office 365]
from other users because you failed to resolve the errors on your mail.
RESOLVE ISSUES NOW<hxxps://firstname.lastname@example.org>
If you are unable to click the link above move this message to your inbox.
We hope to serve you better.
Microsoft Mail Team
[Posted: Jul 23, 2018 12:46 PM]
From: Ȯffice 365 OneƊrive <email@example.com>
Sent: Monday, July 23, 2018 12:02 PM
Subject: Notification of new document
Here's the document that was shared with you.
This link will work for anyone.
2018 Account Confirmation
Open [hxxp://www. x.co/6nU40]
Microsoft respects your privacy. To learn more, please read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
[Posted: Jul 12, 2018 8:32 AM]
I am aware, <your password> is your pass word. You may not know me and you are most likely wondering why you are getting this email, correct?
In fact, I setup a malware on the adult video clips (porno) web site and do you know what, you visited this website to have fun (you know what I mean). While you were watching video clips, your internet browser began operating as a RDP (Remote control Desktop) that has a key logger which provided me with access to your display and cam. Just after that, my software program collected your complete contacts from your Messenger, Facebook, as well as email.
What exactly did I do?
I created a double-screen video. 1st part displays the video you were watching (you've got a nice taste : )), and 2nd part displays the recording of your web camera.
What should you do?
Well, I believe, $1900 is a reasonable price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
BTC Address: 1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4
(It is cAsE sensitive, so copy and paste it)
You have one day to make the payment. (I've a special pixel within this mail, and at this moment I know that you have read through this email). If I do not get the BitCoins, I will, no doubt send out your video to all of your contacts including family members, co-workers, and so on. Nonetheless, if I receive the payment, I will destroy the video immidiately. If you want to have evidence, reply with "Yes!" and I definitely will send out your video recording to your 6 friends. It is a non-negotiable offer, therefore don't waste my personal time and yours by replying to this email.
Report an Information
Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.