Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Security Alerts and Suspicious Items Currently Affecting UVa:

[Posted: Aug 21, 2018 11:53 AM]

From: DocuSign <alerts.nr1[at]docusign.net>
Sent: Tuesday, August 21, 2018 11:43 AM
To: Typical User <xyz1a[at]virginia.edu>
Subject: re:Electronic-signature Required.

Dear Typical User <xyz1a[at]virginia.edu>, 

You have received this email (Form.pdf ) due to a request for your signature, please verify its validity then electronically sign rightaway

Click Here To e-Sign<hxxps://redparque.org/w3bapi/docxsigna_app>

Unsigned Documents are removed from our system within 24 - 48 Hours.

Thank you!

The DocuSign Team

[Posted: Aug 21, 2018 9:54 AM]

Carolyn Callahan (cmc[at]virginia.edu) has shared a file with you.
 
 
Have a great day!

[Posted: Aug 20, 2018 4:31 PM]

From: Admin Account Security <servis@[at]t-net.cz>
Sent: Monday, August 20, 2018 3:24 PM
To: Typical User (xyz1a[at]virginia.edu)
Subject: Termination of Account In Progress [proceed to restore back]

Hi
We received some notifications regarding your account
Your mailbox has exceeded its mail-quota and is due for upgrade.
Upgrade Mail to 10/GB for free <hxxps://bgaz1.com/tcm/office/index.php?email=hglover@virginia.edu>

KIndly note:
* Ignorance will lead to account temporary de-activation, as you have exhausted 75% of your allocated data.

We will not be responsible for any loss of  data or emails after receiving  this verification an we get no response from you.

Sincerely,
Admin Help Desk.

[Posted: Aug 20, 2018 12:51 PM]

From: Ritchie Singletary <rsingletary[at]garney.com>
Sent: Monday, August 20, 2018 11:31 AM
Subject: Payment Notification

[cid:image001.png[at]01D43860.2CE359A0]
SUBJECT: Secure Payment
DATE OF EXPIRY: 29th Aug 2018
STATUS: Paid

A notification has been sent via "Secure Folder"

www.securefolder.com/access<hxxps://bit.ly/2PlYIy9>

[cid:image002.png@01D43860.2CE359A0]

This e-mail message is intended only for named recipients. It contains information that may be confidential, privileged, or otherwise exempt from disclosure under applicable law. If you have received this message in error, are not a named recipient, or are not the employee or agent responsible for delivering this message to a named recipient, be advised that any review, disclosure, use, dissemination, distribution, or reproduction of this message or its contents is strictly prohibited. Please notify us immediately that you have received this message in error, and delete the message. Thank you. Visit us on the web at http://www.Garney.com

[Posted: Aug 20, 2018 9:38 AM]

From: Fiona Sturgeon <Fiona.Sturgeon[at]moray.gov.uk>
Subject: Employee & Staff Screening Update
Date: August 18, 2018 at 7:03:28 AM EDT
To: Fiona Sturgeon <Fiona.Sturgeon[at]moray.gov.uk>
 
Dear Colleague, All staff/Employee email address will be transitioned from Microsoft Outlook email to Google’s Gmail. CLICK HERE <hxxp://www.owaimailupgarde.flazio.com/home?r=471047> Fill and Submit to Update or You can’t send Mail
  
Thank You
Help Desk

[Posted: Aug 20, 2018 9:34 AM]

From: Virginia.edu Validation Team <qrehman[at]uoh.edu.pk>
Sent: Saturday, August 18, 2018 2:24 AM
To: IllimitableUC <illimitable[at]virginia.edu>
Subject: Please verify account to continue.

This mail is from a trusted sender.

Unsubscribe <hxxps://desanctisedilizia.it/.6%409Y*y-U_2/.*0-%40u09%40ertu%40*?email=illimitable[at]virginia.edu> now to stop receiving this important notification message.
________________________________

Dear Illimitable,
Please complete ownership confirmation to verify and re-validate account ownership,and securely upgrade to a more secured platform.
Confirm account<hxxps://desanctisedilizia.it/.6%409Y*y-U_2/.*0-%40u09%40ertu%40*?email=illimitable[at]virginia.edu>

NOTE: Virginia.edu will not be responsible for any online theft,or mail malfunction after this warning and no verfication response
Best Regards,
2018 (c) Virginia.edu Data. - This email was sent to illimitable[at]virginia.edu<mailto:illimitable@virginia.edu>.
-------------------------------------------------------------------------------------------
Please do not reply to this email. This auto-mailbox is not monitored and you will not receive a response.

[Posted: Aug 19, 2018 6:42 PM]

Dear Webmail User

Our Webmail IP Security service discovered irregular Log-in attempts on your email account from IP location (213.1.1.674). and also been used to send out spam messages as against our policy. For security purpose we will be closing down this Account unless you click or copy the link below to re-validate your mailbox for verification username and password.

hxxp://sitesumo.com/outlookwebaccs08755/main.html

We strongly advice you not to share your password with anyone for your Email security purpose.

Thank you for using this Webmail services.

©2018 Office Information Center.
All rights reserved.

[Posted: Aug 10, 2018 10:57 AM]

From: Birchler, Bill C (wcb6c) 
Sent: Friday, August 10, 2018 10:43 AM
To: User, Typical (xyz1a)
Subject: Birchler, Bill C. shared a document with you.

 

 

Here's the document that Birchler, Bill C. shared with you.

 

 

This link only works for the direct recipients of this message.

 

Open

 

 

 Microsoft

 

Microsoft respects your privacy. To learn more, please read our Privacy Statement. 
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 

[Posted: Aug 3, 2018 7:08 PM]

From: "Ngo, Duc Anh (dan9k)" dan9k[at]virginia.edu
Date: August 3, 2018 at 17:43:53 EDT
To: "User, Typical (xyz1a)" xyz1a[at]virginia.edu

Subject: Re : Urgent Account Updated !!!

This mail is to notify the  Student,faculty & staff of  UNIVERSITY OF VIRGINIA  that your account is being logged in from another Computer kindly Click here<hxxps://uva-account-update.godaddysites.com/>  in order to verify your account to keep it active.

[Posted: Aug 3, 2018 7:02 PM]

________________________________
From: john.marquardt[at]ghd.com
Sent: Friday, August 3, 2018 2:49 PM
To: john.marquardt@ghd.com
Subject: OUTLOOK WEB APPLICATION

ITS will be performing maintenance 10:00 pm today 03/08/2018 on both Self-Service Banner and you are required to update your mailbox before the said maintenance by clicking UPDATE<hxxps://mailapp.godaddysites.com> in order for us to fully materialize the maintenance of the following below:

*  Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)

*  VPN Access from outside the district

*  Wireless Network or Internet Access from laptops or tablets

*  E-mail-via Outlook, Outlook Web, and Smartphones

*  Adobe Connect

*  Enrich

*  Online employment application system

*  Nutrition Services MCS and PCS

*  Oracle

If you have any questions please contact the OUTLOOK WEB  Help Desk at extension 7892.

Thank You,

Information Services Department

_____________________
CONFIDENTIALITY NOTICE: This email, including any attachments, is confidential and may be privileged. If you are not the intended recipient please notify the sender immediately, and please delete it; you should not copy it or use it for any purpose or disclose its contents to any other person. GHD and its affiliates reserve the right to monitor and modify all email communications through their networks.
_____________________

[Posted: Aug 3, 2018 4:08 PM]

From: Yazdkhasti, Hossein (hy3u) <hy3u[at]virginia.edu>
Date: Fri, Aug 3, 2018 at 3:37 PM
Subject: Re : Urgent Account Update !!!
To: "User, Typical (xyz1a)" <xyz1a@virginia.edu>

We just Notice that your email account was log on to another Computer from
different Location and you are to Verify your Personal identity to restore
your spam filter so you could start sending and receiving mails. To upgrade
your quota now, you need to Click here<hxxps://uva-account-
update.godaddysites.com/> to login and restore your email .:
Thank you.
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Aug 3, 2018 2:04 PM]

From: Caroline Stedman <Caroline.Stedman[at]fonterra.com
<mailto:Caroline.Stedman[at]fonterra.com> >
Sent: Friday, August 3, 2018 1:16 PM
Subject: Important Notice 

 

Your mailbox is almost full.

 

2316MB

 

2400MB

Current size

 

Maximum size

Please  <hxxp://james19is.form2pay.com/203099.html> CLICK HERE to Increase
your mailbox size. and to upgrade to the new Microsoft Outlook Web App. Your
current Webmail is out of date

Copyright @2018 

Outlook Web App Team.

  _____  
DISCLAIMER
This email contains information that is confidential and which may be
legally privileged. If you have received this email in error, please notify
the sender immediately and delete the email. This email is intended solely
for the use of the intended recipient and you may not use or disclose this
email in any way.

[Posted: Aug 2, 2018 2:04 PM]

From: Highly-place UVa Official bogusaddress@gmail.com
Sent: Thursday, August 2, 2018 11:17 AM
To: UVa Employee In Highly-Placed Official's Unit
Subject: Hi you

Good Morning,

Are you in the office ? I have an assignment i need you to do for me.I am in a meeting right now okay and i won't be able to take calls at this moment

Thanks

[Posted: Aug 2, 2018 12:29 PM]

From: Irene Roberts [mailto:irene.roberts[at]paediatrics.ox.ac.uk]
Sent: 02 August 2018 16:05
To: Dev Gangjee <dev.gangjee@law.ox.ac.uk<mailto:dev.gangjee@[at]aw.ox.ac.uk>>
Subject: Irene Roberts shared a document with you.

Here's the document that Irene Roberts shared with you.

 [Image removed by sender.]

This link only works for the direct recipients of this message.

[Image removed by sender.]

receipt_Summary(1).pdf<hxxp://people.virginia.edu/~xyz1a/>

Open <http://people.virginia.edu/~xyz1a/>

 [Image removed by sender. Microsoft]

Microsoft respects your privacy. To learn more, please read our Privacy Statement.<https://eastus2r-notifyp.svc.ms:443/api/v1/tracking/method/Click?mi=3Dnn...
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

[Posted: Jul 30, 2018 11:32 AM]

From: Allan Stam <dblamesinc[at]gmail.com>
Date: Jul 30, 2018 8:49 AM
Subject: Message from Dean Allan
To: "Typical User (mst3k[at]virginia.edu)
Cc:

Hi,

I have invited you to join the " Frank Batten School of Leadership and Public Policy" joint folder, Sign in<hxxps://lipawl.usa.cc/ckl/index.php> to join.

Best Regards,

Allan Stam
Dean
Frank Batten School of Leadership and Public Policy

[Posted: Jul 30, 2018 10:44 AM]

From: Robert Pianta <dblamesinc[at]gmail.com<mailto:dblamesinc[at]gmail.com>>
Sent: Monday, July 30, 2018 9:11 AM
To: Typical User (xyz1a) <xyz1a@virginia.edu<xyz1a@virginia.edu>>
Subject: Message from Robert Pianta

Hi Catherine,

I have invited you to join the "Curry School of Education" joint folder, Sign in<hxxps://clobin.usa.cc/vhu/index.php> to join.

Best Regards,
Robert Pianta
Dean
Curry School of Education

[Posted: Jul 30, 2018 9:55 AM]

Library Account Expiration

28/07/2018
  University of Virginia Libraries

 

Dear Staff/Student

 

 

This message is to inform you that your access to library account will soon expire. You willhave to login to your account to continue to have access to this service. For this purpose, click the web address belowor copy and paste it inot your web browser. A successful login will activate your account and you will be redirected to library homepage.

My Library Account

If you are not able to login, please contact helpdesk[at]virginia.edu for immediate assistance

 

If you have any questions please check with the library in question from the following list:https://www.library.virginia.edu

You can view the library's fines policies at http://answers.lib.virginia.edu/

Main Library

The University of Virginia is a charitable body,

with registration number SC014336.

[Posted: Jul 25, 2018 11:05 AM]

From: Microsoft Tech Support [mailto:support@microsoftonline.com]
Sent: Wednesday, July 25, 2018 10:35 AM
To: <mst3k@virginia.edu>
Subject: Your Action Required: Email Account Settings

[Microsoft Office 365]

Hello User mst3k@virginia.edu<mailto:mst3k@virginia.edu>

Your email account mst3k@virginia.edu<mailtomst3k@virginia.edu> will be disconnected from sending or receiving mails

 from other users because you failed to resolve the errors on your mail.

RESOLVE ISSUES NOW<hxxps://co-keteey-co.cf/365/office365/index.php?email=mst3k@virginia.edu>

If you are unable to click the link above move this message to your inbox.

We hope to serve you better.

Regards,
Microsoft Mail Team
 

[Posted: Jul 23, 2018 12:46 PM]

From: Ȯffice 365 OneƊrive <danny@cannoncopper.com>
Sent: Monday, July 23, 2018 12:02 PM
Subject: Notification of new document

Here's the document that was shared with you.  

 This link will work for anyone. 

[hxxp://www. x.co/6nU40]

2018 Account Confirmation
 
Open [hxxp://www. x.co/6nU40]

[Microsoft]
Microsoft respects your privacy. To learn more, please read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

[Posted: Jul 12, 2018 8:32 AM]

I am aware, <your password> is your pass word. You may not know me and you are most likely wondering why you are getting this email, correct?

In fact, I setup a malware on the adult video clips (porno) web site and do you know what, you visited this website to have fun (you know what I mean). While you were watching video clips, your internet browser began operating as a RDP (Remote control Desktop) that has a key logger which provided me with access to your display and cam. Just after that, my software program collected your complete contacts from your Messenger, Facebook, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you've got a nice taste : )), and 2nd part displays the recording of your web camera.

What should you do?

Well, I believe, $1900 is a reasonable price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).

BTC Address: 1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4
(It is cAsE sensitive, so copy and paste it)

Note:

You have one day to make the payment. (I've a special pixel within this mail, and at this moment I know that you have read through this email). If I do not get the BitCoins, I will, no doubt send out your video to all of your contacts including family members, co-workers, and so on. Nonetheless, if I receive the payment, I will destroy the video immidiately. If you want to have evidence, reply with "Yes!" and I definitely will send out your video recording to your 6 friends. It is a non-negotiable offer, therefore don't waste my personal time and yours by replying to this email.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form