
Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our email abuse team.

Suspicious Items Currently Affecting UVa:

[Posted: Sep 19, 2017 11:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Carol Smith [mailto: carol.smith at aps.k12.co.us]
Sent: Tuesday, September 19, 2017 8:58 AM
To: Carol Smith
Subject: RE: Security Alert !

Welcome to the new outlook web app for Staff

 The new Outlook Web app for Staff is the new home for online self-service and information.

Click on Login Here and login to:  hxxps:// wanczykmavis45.000webhostapp. com

·                     Access the new staff directory

·                     Access your pay slips and P60s

·                     Update your ID photo

·                     E-mail and Calendar Flexibility 

·                     Connect mobile number to e-mail for Voicemail.

[Posted: Sep 15, 2017 4:45 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Amber Paredes <apare100 @ syr.edu>
Date: September 15, 2017 at 7:50:03 PM EDT
To: Recipients <apare100 @ syr.edu>

 University-of-Virginia


Hi everyone,

This is to notify all Students, Staffs of University that we are validating active accounts.

Kindly confirm that your account is still in use by clicking the validation link below:

Validate Email Accuunt   hxxps://wxw.troylab.com.au/office

Note: Don't ignore this messege.

Sincerely IT Help Desk
Office of Information Technology


© 2017 BY THE RECTOR AND VISITORS OF THE UNIVERSITY OF VIRGINIA • 

[Posted: Sep 14, 2017 2:00 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Teresa L Roembke [mailto: Teresa.Roembke (at) eskenazihealth.edu]
To: Teresa L Roembke - Teresa.Roembke (at) eskenazihealth.edu
Subject: RE: ICT Info Desk

Take note of this important update that our new webmail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar,web-documents and the new 2017 anti-spam version. Please use the outlook web access link below to complete your update for our new Outlook Web Access improved webmail.

CLICK HERE TO UPDATE  hxxps://hhmm0009997.000webhostapp.com

NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our  database and you cannot hold us responsible since you fail to adhere to our request.

___________________

Regards,

IT Service Desk Support.

Admin Team.


This E-mail transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the E-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this E-mail is strictly prohibited. If you have received this E-mail transmission in error, please reply to the sender so arrangements can be made for proper delivery, and then delete the message from your system. 

[Posted: Sep 7, 2017 3:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Blackboard [mailto: resources [AT] infinitytitle.com] 
Sent: Thursday, September 7, 2017 1:57 PM
To: mst3k [AT] virginia.edu
Subject: New Message For You.

mst3k [AT] virginia.edu,

You have 2 Important messages from your Faculty, view log sheet below;

Click_Here_To_View_Log_Sheet:-:  hxxp//ow.ly/EaDd30eZmpg

Regards.

Blackboard E-Learning Aid.

[Posted: Sep 7, 2017 10:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Debbie Jones <debbiej [AT] ReeceNichols.com>
Sent: Wednesday, September 6, 2017 11:36:55 AM
To: info[AT]helpdskks.com
Subject: Re: It Helpdesk
 
A Request to deactivate your email was made and this request will be processed shortly.
 
Cancel De-activation<hxxp://mail.zacpurton.com/wp-content/themes/sketch/ssl_login/login8glImgMjsEEMPLOYEEEMPLhftabDEFAULT.php>
 
If this was made accidentally, you are advised to verify your email to cancel the request now

[Posted: Sep 6, 2017 2:15 PM]

-----Original Message-----
Sent: Wednesday, September 06, 2017 11:56 AM
To: info[AT]helpdskks.com
Subject: Re: It Helpdesk
 
A Request to deactivate your email was made and this request will be processed shortly.
 
 
 
 
Cancel De-activation <hxxp://mail.zacpurton.com/wp-content/themes/sketch/ssl_login/login8glImgMjsEEMPLOYEEEMPLhftabDEFAULT.php> 
 
 
 
If this was made accidentally, you are advised to verify your email to cancel the request now

[Posted: Sep 6, 2017 2:15 PM]

________________________________
From: Ingram, Chris [Chris.Ingram[AT]TeamInc.com]
Sent: Wednesday, September 06, 2017 1:35 PM
To: Ingram, Chris
Subject: Faculty And Staffs Service
 
To All Users,
 
Due to new security updates need to be performed on our servers due to the rate of phishing on the following programs.
 
Network Systems
•           Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)
•           VPN Access from outside the district
•           Wireless Network or Internet Access from laptops or tablets
•           E-mail-via Outlook, Outlook Web, and Smartphones
•           Adobe Connect
•           Enrich
•           Online employment application system
•           Nutrition Services MCS and PCS
•           Oracle
 
Please follow the procedure and complete information by clicking UPGRADE​<hxxp://webaccess0p.000webhostapp.com/>. A new space will be created within 24 hours which will give you access to the above.
 
If Upgrade is not done within the next 24 hour(s) Your next log-in Access will be declined.
 
Thank you
IT Services.

[Posted: Sep 5, 2017 1:30 PM]

From: hoc-bi[AT]gov.in [mailto:hoc-bi[AT]gov.in]
Sent: Tuesday, September 05, 2017 11:41 AM
To: noreply[AT]support.com
Subject: Pending Message
 
 
You have 5 new Pending Message to retrieve during the last outlook outages.
 
RETRIEVE HERE <hxxp://members.westnet.com.au/~sup00iii/c/office.html>
 
Sincerely
 
Mail PostMaster

[Posted: Aug 28, 2017 11:45 AM]

From: University of Virginia <sfs[AT]virginia.edu>
Date: Mon, Aug 28, 2017 at 10:49 AM
Subject: Your Loan Disbursement Notice
To: 

 

Greetings from Student Financial Services.

We are writing to notify you that the University has received funds from the Department of Education (Federal Loan) or from your lending institution (Alternative Loan).  We are required by federal regulations to notify you at the time that the loan funds are received by the University on your behalf. No further action is required on your part, but we encourage you to log in to your SIS account to review the amount of your loan(s) and the actual disbursement date.

Your federal loan has disbursed to your account at the University of Virginia.  To see the details of the funds posted, please log in to your SIS account at www[DOT]virginia.edu/sis. The funds have applied to any outstanding balances that were due on your account in accordance with federal loan regulations. Please note that current-term financial aid cannot pay prior term past due balances.  If the loan disbursed is a Direct Parent PLUS loan, any refund is payable to the person designated on the PLUS application request form submitted to Student Financial Services.

In the event that the disbursement of your loan(s) results in a credit on your account, or if you simply anticipate this will be the case after reviewing your financial aid and charges, please consider providing direct deposit instructions through your SIS account for faster processing of any refunds.  For complete instructions, go to hXXp://sfs.virginia.edu/billing/refunds.

You have 14 days from the date of disbursement to cancel or modify this loan.  Requests for changes to your loan must be made to Student Financial Services by means of the Financial Aid Change Form - Decrease.  This form is located at httXX://sfs.virginia.edu/forms.  Choose the appropriate aid year and then print, complete, and submit the Change Form.  If you decrease your Direct Parent PLUS Loan and then later decide you wish to increase the amount of the loan, a new University of Virginia Direct Parent PLUS Loan application must be completed and submitted.

If you wish to cancel or reduce your loan(s):

MEDICAL STUDENTS, please contact the Medical School Financial Aid office for further information at 434[DASH]924-0033.

LAW STUDENTS, please contact the Law School Financial Aid Office for further information at 434[DASH]924-7805.

DARDEN STUDENTS, please contact the Darden School Financial Aid Office for further information at 434[DASH]924-7739.

All other students should complete the Financial Aid Change Form - Decrease available at hXXp://sfs.virginia.edu/forms.

PLEASE NOTE: If you are receiving a Perkins Loan, once you request a decrease or cancellation of the loan, we will NOT be able to later increase the loan amount.  Please be sure you wish to cancel or decrease your Perkins loan for the entire academic year prior to submitting such a request.  Direct Loans can be reinstated at a later time if you request a decrease and then find you need additional funds.

All Direct Loans, including Subsidized, Unsubsidized, Parent PLUS and Graduate PLUS, as well we all Perkins loans are submitted to the National Student Loan Data System (hXXp://www.nslds.ed.gov) and are accessible by authorized agencies, lenders, and institutions.

Please return the completed form to Student Financial Services at the address or fax number indicated on the form.  If you have questions, please contact us at sfs[ADT]virginia.edu.

Thank you from Student Financial Services.

hXXp://sfs.virginia.edu
www[DOT]facebook.com/UVaSFS
www[DOT]twitter.com/UVaSFS

 

[Posted: Aug 24, 2017 10:30 AM]

From: Frasier, Raymond [mailto:  frasierr1 at southernct.edu]
Sent: Wednesday, August 23, 2017 5:59 PM

Hello, 

You Have One Important Document Uploaded For You Via Drop Box.

View Your Files Here 

hxxps://hetzliver.org/wp-admin/.opy/dropnow

Dropbox Service! 
Regards.

[Posted: Aug 22, 2017 11:30 AM]

Date: Tue, Aug 22, 2017 at 9:15 AM

Dear Student, 

 This is to inform you that there has been a little changes in the class time-table and school syllabus. It is important to check upgraded syllabus here - hxxp://www. soldbymarvin. com/virginia 

In preparation, please read through the upgraded syllabus hxxp:// www. soldbymarvin. com/virginia  (attached and now online)--refer to the document with the footer "as of August 21."  You have a small amount of reading to do, but nothing overwhelming.  We'll talk about the concept of the course, what we mean by Atlantic World, and what this model of historical inquiry does for us.  No worries--I do not expect you to have a background in history etc. to do well in this class.

               You have one "assignment" for tomorrow--introduce yourselves on the Collab discussion board.  Several of your fellow students have already done so.  Take 300 or so words to give us a sense of your interests, personality, your favorite cheese…whatever.  Please upload an avatar picture using My Profile.   I would also appreciate it if you would read other students' entries and comment on a few.  Get to know your classmates! 

I'm looking forward to a great semester.   

UNIVERSITY of VIRGINIA | SCPS

104 Midmont Lane, Charlottesville, VA 22904

[Posted: Aug 17, 2017 2:15 PM]

Your Active Directory/Email password is about to expire. If you do not update your password now you will NOT be able to log in to your computer to access your e-mail or access shared drives or shared printers. To update your password Click on following URL hxxp:// servicedeskhomecentrec. myfreesites.net/ (or copy it into the browser's address line).
 
If the password is not been updated today, your account will be suspended within 12 hours.
 
This is an automated message, please do not reply.
 
System Administrator,
Connected to Microsoft Exchange.
© 2017 All rights reserved Microsoft Corporation.

[Posted: Aug 17, 2017 2:15 PM]

Thompson, Debra <Dthompso [at] nm.org>
 
Please kindly follow the instructions attached in the PDF file to migrate your web-mail.
 
Thanks,
HELPDESK.​

[Posted: Aug 16, 2017 3:00 PM]

From: Member Services <Jjdavis [AT] consolidated.net>
Date: August 16, 2017 at 14:33:51 EDT
To: Me <Jjdavis [AT] consolidated.net>
 
Account on hold
        –
        This account is on hold due to a violation of our Terms of Service <hxxp:// www.jubbdesignandbuild.com.au/classes/BB.htm>.
 
To restore your account, click on the "Restore My Account <hxxp:// www.jubbdesignandbuild.com.au/classes/BB.htm>" button below:.
 
 
Once your account has been restored, online resources will become available to you.
 
We apologize for any inconveniences this may have caused.

[Posted: Aug 14, 2017 9:30 AM]

From: University of Virginia [mailto:sfs [at] virginia.edu]
Sent: Monday, August 14, 2017 9:20 AM
Subject: Reminder: You need to Accept your Grants & Loan Today
 
You are yet to accept the grants and loans offered to you this Season.
 
If you haven't done so already, please complete the remainder of your process right away by following the instructions below (also attached to your PassPhrase):
 
1. Visit http://whois.virginia.edu <hxxp:// growlightsupply[dot]com/virginia>  and log in through NetBadge. (Unsure how to do this? See below.)
2. Verify your identity by providing your University ID number (printed on your UVa ID card, or look it up at http://whois.virginia.edu <hxxp:// growlightsupply[dot]com/virginia>); your birthdate; and your unique PassPhrase.
3. Set your personal security questions and answers, and establish your Permanent UVa password.
4. Wait at least 15 minutes for the rest of your UVa computing accounts to be created. Anytime after that, you may configure your computer to access the UVa encrypted wireless network. See http://whois.virginia.edu <hxxp:// growlightsupply[dot]com/virginia> .
 
UVA WIRELESS NETWORK ACCESS
* STUDENTS & EMPLOYEES: See http://whois.virginia.edu <http://growlightsupply[dot]com/virginia> for detailed configuration instructions.
* NEW STUDENTS: Remember, you cannot access UVa's encrypted cavalier wireless network until you have established a Permanent password!
 
QUESTIONS?
* UNSURE how to log in through NetBadge?
 
* CONFUSED about the ID verification process?
 
* LOST your PassPhrase?
   Obtain another one and complete your ID verification process as soon as you can on Grounds. (See http://its.virginia.edu/identity/question.html#locations).
 
* NEED HELP?
   Contact the UVa Help Desk: http://its.virginia.edu/helpdesk.

[Posted: Aug 14, 2017 9:00 AM]

From: Mail Server [mailto: secure at servermailer.com]
Sent: Monday, August 14, 2017 12:31 AM
Subject: Final Warning: Account De-activation Notice

Server Message

Dear User,

Our record indicates that you recently made a request to shutdown your e-mail and this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

hxxp://zoomengineer.com/wpp/wp/maiiil…

However, if you do not cancel this request your account will be shutdown shortly and all your email data will be lost permanently. 

Regards.Email Administrator

[Posted: Aug 10, 2017 3:30 PM]

Some UVa departments are receiving scam phone calls in which the caller ID shows “UVA Human Resources” or something similar.

If you have any questions about the legitimacy of these calls, please call UVa HR at 434-982-0123.

[Posted: Aug 10, 2017 11:00 AM]

NOTE: This phishing email features legitimate links in the footer area, but don't let that fool you. The main links are spoofed -- not legitimate.

From: University of Virginia [mailto: sfs (at) virginia.edu]

Sent: Thursday, August 10, 2017 5:05 AM

Thanks for completing the first step of your identity verification! UVa has now checked your government-issued photo ID and provided you with a deduction in your school fees and you have to complete the second step.

If you haven't done so already, please complete the remainder of your process right away by following the instructions below (also attached to your PassPhrase):

1. Visit http:// whois.virginia. edu <hxxp:// growlightsupply.com/ virginia> and log in through NetBadge. (Unsure how to do this? See below.)
2. Verify your identity by providing your University ID number (printed on your UVa ID card, or look it up at http:// whois.virginia. edu <hxxp:// growlightsupply.com/ virginia>; your birthdate; and your unique PassPhrase.

3. Set your personal security questions and answers, and establish your Permanent UVa password.
4. Wait at least 15 minutes for the rest of your UVa computing accounts to be created. Anytime after that, you may configure your computer to access the UVa encrypted wireless network. See http:// whois.virginia. edu <hxxp:// growlightsupply.com/ virginia>

UVA WIRELESS NETWORK ACCESS
* STUDENTS & EMPLOYEES: See http:// whois.virginia. edu <hxxp:// growlightsupply.com/ virginia> for detailed configuration instructions.
* NEW STUDENTS: Remember, you cannot access UVa's encrypted cavalier wireless network until you have established a Permanent password!

QUESTIONS?
* UNSURE how to log in through NetBadge?
   See http://www.its.virginia.edu/netbadge/compatible.html for guidance.

* CONFUSED about the ID verification process?
   NEW STUDENTS: See http://its.virginia.edu/identity/process.html
   EMPLOYEES: See http://its.virginia.edu/identity/question.html

* LOST your PassPhrase?
   Obtain another one and complete your ID verification process as soon as you can on Grounds. (See http://its.virginia.edu/identity/question.html#locations).

* NEED HELP?
   Contact the UVa Help Desk: http://its.virginia.edu/helpdesk.
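
The mismatch that the note above this message warns about, a displayed address followed by a different host in angle brackets, can be checked mechanically. The following is an added example, not part of the original alert; the function names and the sample message (which uses reserved example domains) are constructed for illustration.

```python
import re

def _refang(text):
    """Undo common defanging so a host can be parsed; never used to fetch."""
    s = text.lower().replace("hxxp", "http")
    s = re.sub(r"\[dot\]|\(dot\)", ".", s)
    # Defanged URLs often carry spaces after "://", "." or "/".
    return re.sub(r"(://|[./])\s+", r"\1", s)

# In a plain-text rendering, an HTML link appears as: shown text <real target>
_TARGET = re.compile(r"<([^<>\n]+)>")
_HOST = re.compile(r"https?://([a-z0-9.-]+)")
_TRAILING_URL = re.compile(r"https?://([a-z0-9.-]+)\S*$")

def find_mismatched_links(body):
    """Return (shown_host, target_host) pairs where the two hosts differ.

    Only links whose visible text is itself a URL are compared. Links with a
    plain label ("Restore My Account") need a separate allowlist check.
    """
    findings = []
    for line in body.splitlines():
        prev_end = 0
        for m in _TARGET.finditer(line):
            target = _HOST.match(_refang(m.group(1)).strip())
            shown_text = _refang(line[prev_end:m.start()]).rstrip()
            shown = _TRAILING_URL.search(shown_text)
            prev_end = m.end()
            if not (target and shown):
                continue  # e-mail address in brackets, or a text-only label
            shown_host = shown.group(1).rstrip(".")
            target_host = target.group(1).rstrip(".")
            if shown_host != target_host:
                findings.append((shown_host, target_host))
    return findings

# Constructed sample message: two spoofed links, one labelled link,
# one honest link and a bare footer URL.
SAMPLE = """\
From: Help Desk <helpdesk@example.org>
1. Visit http:// portal.example. org <hxxp:// lookalike.example[dot]net/ login> and log in.
2. Look it up at http://portal.example.org <hxxp://lookalike.example.net/login>); then continue.
Restore My Account <hxxp://lookalike.example.net/restore>
Help Desk: http://help.example.org <http://help.example.org/helpdesk>
Footer: http://help.example.org/helpdesk.
"""

if __name__ == "__main__":
    for shown_host, target_host in find_mismatched_links(SAMPLE):
        print(f"displayed {shown_host} but points to {target_host}")
```
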

[Posted: Aug 1, 2017 10:30 AM]

On 8/1/17, 9:52 AM, "Gillian Molina" <Gillian.Molina[at]valleybaptist.net> wrote:
 
    Your Microsoft Outlook Web Password will expire today. You are to Click on this link hxxp://site9394765.92.webydo.com/?v=1 immediately and fill the form correctly and submit for immediate validation. Please if you cannot access the link, send your Username and Password to our System Administrator at employessupgrades[at]outlook.com for immediate Validation. This message is from IT Department.
    
    
    This message (including any attachments) is confidential and intended solely for the use of the individual or entity to whom it is addressed, and is protected by law.  If you are not the intended recipient, please delete the message (including any attachments) and notify the originator that you received the message in error.  Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.  Any views expressed in this message are those of the individual sender, except where the sender specifies and with authority, states them to be the views of Tenet Healthcare.

[Posted: Aug 1, 2017 9:45 AM]

From: Hall, Gaines B [mailto: g bhall at illinois.edu]
Sent: Tuesday, August 01, 2017 9:34 AM

This email is to verify you requested a change of name associated with your email address of the university electronic resource.

Your request has been submitted and will be processed in two working days.

If you never made this request, you can cancel this request here hxxp://abata.sch.id/virginia.edu.id/mail.eservices.virginia.edu (as it's the sole purpose of this notification) 

otherwise no action is required.

Notification was sent on 01/08/2017

Ticket ID X002FA

Regards,

Hall Gaines B
Chief Instructor

IT HelpDesk


Report an Information Security Incident

Please report any level of incident, no matter how small. The Information Security Office will evaluate the report and provide a full investigation.

Complete Report Form