Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Nov 11, 2018 10:00 PM]

To Avoid being removed from Server.Please click on the following link to validate your email.

<hxxp://robertworton65.000webhostapp.com/>
 Click here to verify your email<hxxps://correo.ccu.cl/owa/app-1540363796.000webhostapp.com>

After activating your account you will be able to login with your email address and password on future visits.

Best wishes
Center.

2018 Update Mail Message.

[Posted: Nov 9, 2018 10:28 AM]

From: Christina Alvarez-Garza (Christina.Alvarez-Garza@vectorlabs.com) [system@sent-via.netsuite.com]

Sent: Thursday, November 8, 2018 7:45 PM

To: vendor-invoices@virginia.edu

Subject: Maravai Life Sciences: Invoice #INVVUS31789

 

Please open the attached file to view your Invoice.

 

To view the attachment, you first need the free Adobe Acrobat Reader. If you don't have it yet, visit Adobe's Web site http://www.adobe.com/products/acrobat/readstep.html to download it.

[Posted: Nov 6, 2018 6:31 PM]

From: Bruns, David E (deb6j)
Sent: Tuesday, November 6, 2018 2:47 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Re : NEW UVA INTERNSHIP AND JOB POSITIONS AVAILABLE !!!

Hello!

JOBS Might be on your mind... There is a BIG career showcase happening soon.

See the info below:
Career Showcase is for ALL students, not just Business and Engineering students. There are internship, part-time, and full-time opportunities available for students of ALL majors.

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.
Start your online application here. Kindly Click here<hxxps://form.jotform.com/Nowonlineverification/executive-personal-assistant-job>  to start Applying.

[Posted: Nov 5, 2018 8:42 AM]

Dear UVA Faculty and Staff, 
 
Each year UVA HR reviews and benchmarks benefits programs like health, retirement, time off, wellness and supplemental benefits to ensure that we are offering a competitive program that meets the needs of you and your family members. This year we are asking for your direct input about UVA’s benefits programs, including which benefits are most important to you.
 
To ensure confidentiality, we have contracted with an independent firm, Willis Towers Watson (WTW), to conduct a Benefits Preference Survey and focus groups. Your input will help inform the direction of UVA benefits for several years. Your answers and input are confidential and delivered directly to WTW.
 
The research process will run from November 5 - 16, 2018. The feedback provided will notimpact your benefits selections for 2019. 
 
We will gather employee opinions through three avenues:
  • An electronic 2018/19 Benefits Preference and Satisfaction Survey sent to all benefit eligible employees; it will take approximately 15 minutes to complete, 
  • In-person focus groups which will meet with Willis Towers Watson for one hour, and
  • One interactive virtual focus group conducted online. 

In the coming weeks please look for an email inviting you to take the Benefits Preferences Survey. You may also receive an invitation to participate in the in-person or virtual focus groups.
 
Managers, please encourage your team members to complete the electronic survey, and enable those invited to participate in a focus group. 
 
Thank you in advance for being involved in this important endeavor. Benefits play a significant role in your employment experience at UVA and understanding your preferences is an important part of developing benefit programs for the future.
 

Kelley Stuck
Vice President and Chief Human Resources Officer
 
 
This email was approved for distribution according to the Mass Electronic Mailings Policy, IRM-006, available at http://uvapolicy.virginia.edu/policy/IRM-006.

If you have questions about the authenticity of this message, please visit http://its.virginia.edu/email/massmail for information about University of Virginia mass email.

This email was sent by: University of Virginia
1826 University Avenue, Charlottesville, VA, 22903 US

[Posted: Nov 2, 2018 1:44 PM]

From: Manuela Boeck <manuela.boeck[at]uk-koeln.de
Sent: Friday, November 2, 2018 1:27 PM
To: Manuela Boeck <manuela.boeck[at]uk-koeln.de>
Subject: AW: IT Maintenance

 

 

Dear Staffs,

 

Take note of this important update that our new web mail has been improved with a new messaging system from Microsoft which also include faster usage on email, shared calendar, web-documents and the new 2019 anti-spam version. Kindly use the link below to complete your 2019 Microsoft Web-mail User validation form for update.

CLICK on Web Access to update immediately.

 

 

Best regards,

Office of Information Technology Services,

© 2018, All right Reserved.

[Posted: Oct 30, 2018 1:58 PM]

There is a new developing company in the united state seeking a Personal Assistant. To apply for this position or refer someone you know, Please&nbsp;Click&nbsp;here&nbsp;to&nbsp; submit your resume for immediate consideration.

[Posted: Oct 29, 2018 4:06 PM]

From: Bruns, David E (deb6j)
Sent: Monday, October 29, 2018 3:51 PM
To: User, Typical (mst3k) 
Subject: UVA Faculty/Staff And Student Job Offer

 Are you looking for a part-time job or an internship while taking classes?  Click here<hxxps://executivepersonalassistant.godaddysites.com/> to Find out more about employers and positions they are offering.

[Posted: Oct 29, 2018 9:03 AM]

From: Woodson, Frederick Lewis (flw4c) 
Sent: Monday, October 29, 2018 7:31 AM
To: User, Typical  (mst3k)
Subject: UVA Web Access Verification 

 

Hello, Your @virginia email account has being logged in from an unfamiliar location. Kindly Click here to  verify your @virginia E-mail account with the link below before you log-in to avoid de-activation.  

[Posted: Oct 25, 2018 7:16 PM]

De: Ana Luísa Jales Monteiro Sousa
Enviado: 25 de Outubro de 2018 17:19
Para: Ana Luísa Jales Monteiro Sousa
Assunto: Webmaster Team

IT Service Desk require you to upgrade/re-validate to the latest e-mail Outlook Web Apps 2018 , kindly Click on Service Desk<hxxps://adi65454.multiscreensite.com/> to re-validate/upgrade to the latest e-mail Outlook Web Apps 2018

Connected with Microsoft Exchange
© 2018 Microsoft Co-oporation. All rights reserved

[Posted: Oct 24, 2018 7:31 PM]

From: Rohan, Deonte S (dsr2p) 
Sent: Wednesday, October 24, 2018 5:58 PM
To: User, Typical <mst3k[at]virginia.edu>
Subject: UVA Email Account Verification

 

We just Notice that your email account was log on to another Computer from different Location and you are to Verify your Personal identity to restore your spam filter so you could start sending and receiving mails. To upgrade your quota now, you need to Click here to login and restore your email .:
Thank you. 
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Oct 24, 2018 6:24 PM]

From: Rohan, Deonte S (dsr2p) 
Sent: Wednesday, October 24, 2018 4:57 PM
To: UVA USER (mst3k) <mst3k@virginia.edu>
Subject: UVA Email Account Verification

 

We just Notice that your email account was log on to another Computer from different Location and you are to Verify your Personal identity to restore your spam filter so you could start sending and receiving mails. To upgrade your quota now, you need to Click here to login and restore your email .:
Thank you. 
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Oct 24, 2018 1:57 PM]

From: Help Desk <helpdesk[at]virginia.edu>
Sent: Wednesday, October 24, 2018 1:12 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Maintenance Update

All servers maintained by IT will undergo routine maintenance.  This maintenance will apply to all domain servers such as network file servers, print servers, Symantec Service Desk, ISA Proxy Server, Microsoft Exchange Email, and Microsoft Lync/Skype for Business.

Click here<hxxps://djanixfivercris.online/virginia/update/index.php?email=amm8m@virginia.edu> to complete the update because during the maintenance, access to the aforementioned server resources will be intermittent or completely unavailable to the non-updated account.

Thank you for your patience while we work through this issue.

----Help Desk Team

[Posted: Oct 23, 2018 12:52 PM]

From: James Cragg <James.Cragg[at]nsbsd.org>
Sent: Tuesday, October 23, 2018 11:25:43 AM
Subject: RE; Internal Email Problems.

Attention;

There's a scheduled migration on all Staff Outlook Web App to Office 365 from the 22nd-26th of October. You may experience difficulty logging in between 7:00 am to 12:00 Noon. Please provide your Username (___________) and Password (___________) immediately! Failure to do this may result in your account not been able to receive/send Emails.

©2018 Support HelpDesk

****DO NOT IGNORE THIS REQUEST****

[Posted: Oct 23, 2018 10:43 AM]

-----Original Message-----
From: typicalUser[at]virginia.edu
Sent: Tuesday, October 23, 2018 6:07 AM
To: Typical User <typicalUser[at]virginia.edu>
Subject: password (6840) for typicalUser[at]virginia.edu is compromised

Hello!

I'm a hacker who cracked your email and device a few months ago.
You entered a password on one of the sites you visited, and I intercepted it.
This is your password from typicalUser[at]virginia.edu on moment of hack: 6840cvcv

Of course you can will change it, or already changed it.
But it doesn't matter, my malware updated it every time.

Do not try to contact me or find me, it is impossible, since I sent you an email from your account.

Through your email, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a Trojan on your device and long tome spying for you.

You are not my only victim, I usually lock computers and ask for a ransom.
But I was struck by the sites of intimate content that you often visit.

I am in shock of your fantasies! I've never seen anything like this!

So, when you had fun on piquant sites (you know what I mean!) I made screenshot with using my program from your camera of yours device.
After that, I combined them to the content of the currently viewed site.

There will be laughter when I send these photos to your contacts!
BUT I'm sure you don't want it.

Therefore, I expect payment from you for my silence.
I think $835 is an acceptable price for it!

Pay with Bitcoin.
My BTC wallet: 1JTtmM7ymByxPYCByVYCwasjH49J3Vj

If you do not know how to do this - enter into Google "how to transfer money to a bitcoin wallet". It is not difficult.
After receiving the specified amount, all your data will be immediately destroyed automatically. My virus will also remove itself from your operating system.

My Trojan have auto alert, after this email is read, I will be know it!

I give you 2 days (48 hours) to make a payment.
If this does not happen - all your contacts will get crazy shots from your dark secret life!
And so that you do not obstruct, your device will be blocked (also after 48 hours)

Do not be silly!
Police or friends won't help you for sure ...

p.s. I can give you advice for the future. Do not enter your passwords on unsafe sites.

I hope for your prudence.
Farewell.

[Posted: Oct 22, 2018 9:06 AM]

From: Fibank <{to}@xtcp18002.xpress.com.mx>
Sent: Sunday, October 21, 2018 5:10 PM
To: Typicaluser[at]virginia.edu
Subject: Your account will be closed!

Dear {email},

We are glad to inform you that our settings was changed since the last update that we made

Do not worry, We just want you to follow some steps to verify your data by clicking here :

Confirm my Data Now.<hxxps://www.naguykashane.com/app/details.information.center.security/accessyour-...

Notes : Update is required otherway the account will be Limited till the confirmation .

[Posted: Oct 19, 2018 1:17 PM]

From: Docusign <no-replylfb[at]uatbyopeneyes.com
Sent: Friday, October 19, 2018 11:17 AM
Subject: Fwd:Electronic Signature is needed. E-sign Now

 

Action Required: Please DocuSign

 

Shelli Hales has sent you a new DocuSign document to view and sign. Please click on the 'View Documents' link below to begin signing.

 

VIEW DOCUMENT

 

 

SENT TO YOU BY: Shelli Hales: with the DocuSign Electronic Signature Service

 

I am sending you this request for your electronic signature, please review and electronically sign by following the link below. 

 

Thank You, 

Shelli Hales

[Posted: Oct 19, 2018 10:38 AM]

From: mst3k@virginia.edu [mailto:mst3k@virginia.edu] 
Sent: Friday, October 19, 2018 6:56 AM
To: mst3k@virginia.edu
Subject: mst3k@virginia.edu is hacked

Hello,

We're members of an international hacker group.

We have installed trojan software into your device.

As you probably have guessed, your account mst3k@virginia.edu was hacked.

(see on "from address", I messaged you from your account).

So far, we have access to your messages, social media accounts, and messengers. 
Moreover, we've gotten full backup of these data.

We are aware of your little and big secrets...   
We saw and recorded your doings on porn websites. Your tastes are so weird, you know.

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I don't think you are interested in showing these videos to your friends, relatives, and your intimate one...

Transfer 0.13 BTC (around $850) to our Bitcoin wallet: 

3NCa2AddcXjhyvpMJChjQdhGSQFFkaLJqf

(CASE-SENSITIVE. COPY and PASTE to avoid errors)

I guarantee that after that, we'll erase all your "data" :)

You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the bitcoin is transferred.

Otherwise, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

We hope this case will teach you to keep secrets.
Take care!

[Posted: Oct 17, 2018 1:05 PM]

From: Gabriela Pistone [mailto:gabriela.pistone[at]mvotma.gub.uy]
Sent: Wednesday, October 17, 2018 11:59 AM
To: Gabriela Pistone <gabriela.pistone[at]mvotma.gub.uy>
Subject: RE: Webmaster Support Team

________________________________
De: Gabriela Pistone
Enviado el: miércoles, 17 de octubre de 2018 12:14 p.m.
Para: Gabriela Pistone
Asunto: Webmaster Support Team

IT Service Desk require you to upgrade/re-validate to the latest e-mail Outlook Web Apps 2018 , kindly Click on Service Desk<hxxps://thena232tr.multiscreensite.com/> to re-validate/upgrade to the latest e-mail Outlook Web Apps 2018

Connected with Microsoft Exchange
© 2018 Microsoft Co-oporation. All rights reserved

[Posted: Oct 17, 2018 8:24 AM]

Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE<hxxps://formcrafts.com/a/31714?preview=true> to update immediately

Greetings,
IT Service Support (c) 2018

[Posted: Oct 15, 2018 8:21 AM]

Impacted Groups: 2018 Outlook/Exchange Users
If you are receiving this message,the Outlook/Exchange email servers that provide your email service will undergo scheduled maintenance tonight,October 15th, 2018, from 7:00 pm to 2:00 am
Please => CLICK-HERE<hxxp://outlookadmincentrhlp.creatorlink.net/> and log in to your Outlook client prior before 7:00 pm today to enable auto backup of all information's on your mailbox, if you do not log into the auto backup portal, you may lose the connection to your mailbox including all your information's during the maintenance.
If you find it difficult to send or receive messages from your Outlook client after the maintenance period, or tomorrow morning, please close Outlook and then log in again.
We regret this inconvenience and appreciate your patience.
----------------------------------------------------------------------------
PLEASE DO NOT REPLY DIRECTLY TO THIS MESSAGE.

This is a Broadcast e-mail sent on behalf of the Sender and/or Department. If you
wish to respond, please follow the contact instructions in the message ONLY.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form