Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Suspicious Items Currently Affecting UVa:

[Posted: Sep 27, 2017 12:45 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Parker via DocuSign [mailto: docusign[AT]signagen.com]
Sent: Wednesday, September 27, 2017 11:51 AM
To: mst3k @virginia.edu
Subject: Your Invoice 27707655 for accounting[AT]virginia.edu Document is Ready for Signature

Your signature is required on this document.
 
VIEW DOCUMENT <hxxp://PERRYPAYNECONDO.COM/ds.php?bpi=mst3k @virginia.edu>

[Posted: Sep 26, 2017 10:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

Subject: RE: ICT help desk
Date: Tue, 26 Sep 2017 12:54:30 +0000
From: NoraPatricia.Ferrara[AT]UAI.edu.ar
To: NoraPatricia.Ferrara[AT]UAI.edu.ar
 
------------------------------------------------------------------------
*De:* Ferrara, Nora Patricia
*Enviado el:* martes, 26 de septiembre de 2017 09:20 a.m.
*Para:* Ferrara, Nora Patricia
*Asunto:* ICT help desk
 
Your Password Expires Today. You are hereby directed to click on IT's
Helpdesk <hxxp:// www.form2pay. com/ publish/publish_form/199487> to update
your password to continue with your mailbox and follow instructions.
 
Failure to comply with these guidelines may result in a loss of access
to your Webmail account. Kindly use the link above to complete your
Web-mail User authentication form.
 
Help Desk Administrator.
ICT help desk
©Copyright© 2017  Microsoft

[Posted: Sep 26, 2017 10:00 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

---------- Forwarded message ----------
From: The University of Virginia <services [AT] virginia.net>
Date: Tue, Sep 26, 2017 at 9:10 AM
Subject: Library Services
To: mst3k <mst3k [AT] virginia.edu>
 
Dear Library User,
 
Our records show that your UVA Library account will expire soon. Due to
security precautions established to protect UVA Libraries System, you have
to renew your library account on a regular base, so please use the
following link
 
netbadge.virginia.edu/myaccount/reactivations.htm <hxxps://edin.ac/2hxxncf>
 
After your successful authentication, your access will be restored
automatically and you will be redirected to the university library
homepage. If you are unable to log in, please contact the library help desk
for immediate assistance. We apologize for any inconveniences this may have
caused.
 
Thank you,
 
Libraries | The University of Virginia
160 McCormick Road
<hxxps://maps.google.com/?q=160+McCormick+Road+Charlottesville,+VA+22903&entry=gmail&source=g>
Charlottesville, VA 22903
<hxxps://maps.google.com/?q=160+McCormick+Road+Charlottesville,+VA+22903&entry=gmail&source=g>
Fax: (434) 924-3021
libraries[AT]virginia.edu

[Posted: Sep 26, 2017 9:45 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Fink [mailto: Michael.Fink [AT] du.edu]
Sent: Tuesday, September 26, 2017 8:22 AM
Subject: Job Number 81576 - ITS CLOSURE
 
Job 81576 has been closed
 
Hi,
 
Job Number 81576, "Account suspended for spam" has been closed with the following solution:
 
Deactivation of incoming mails.
 
 To restore default settings for receiving emails visit IT support center<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/> here
 
Please contact us if you have any questions regarding this closure.
 
For any correspondence regarding your job, please quote Job Number : 81576
 
DO NOT REPLY to this message.
 
If you have any questions, please contact us here<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>
 
Regards,
 
OFFICE OF INFORMATION TECHNOLOGY MANAGEMENT & SUPPORT
 
ail address changed successfully

[Posted: Sep 26, 2017 9:45 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Fink [mailto: Michael.Fink [AT] du.edu]
Sent: Tuesday, September 26, 2017 8:17 AM
Subject: IT service: Email address changed successfully
 
Information Technology service<hxxp:// www. auckland. ac.nz/ uoa/home/about/the-university/uoa-contact-us>
 
Email address changed successfully
 
Hi,
 
We just wanted to let you know that your University email address was recently changed on Tue,26 September 2017 08:10 AM.
 
Don't recognize this activity?
 
If you have not recently changed your address please contact us urgently for assistance.
 
Students and applicants
 
  *   Contact our Student Support Team<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>
 
Staff, contractors, alumni and visiting academics
 
  *   Contact the Staff Service Centre<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>
 
More contact details can be found here<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>.
 
  Copyright | Privacy | Disclaimer

[Posted: Sep 26, 2017 9:00 AM]

The message below is a SCAM. 

We disabled the link but display it for educational purposes.

From: Keith, Warren (keithw) [mailto: keithw [AT] ucmail.uc.edu]
Sent: Tuesday, September 26, 2017 8:32 AM
To: xxx1x @ virginia.edu
Subject: Case ID-FL39VCB0
 
This email is to verify you requested a change of name associated with your email address
of the university electronic resource.
Your request has been submitted and will be processed in 2 days.
 
If you never made this request, you can cancel this request here<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/> (as it's the sole purpose of this notification)
otherwise no action is required.
 
Notification was sent on 09/26/2017
Ticket ID FL39VCB0
 
Regards,
Chief Instructor
Information Technology Service

[Posted: Sep 25, 2017 12:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Hernandez, Jorge (MX - Mexico) [mailto: johernandez [AT] deloittemx.com]
Sent: Monday, September 25, 2017 11:52 AM
Subject: Very Important Update
 
Dear Staffs,
 
This e-mail has been sent to you by IT-Service Help Desk If you do not agree to update your account, your email account will be blocked.
 
Click Here To Update<hxxp://www. soshiad.org/wp-includes/images/updaterrs/>
 
Regards,
IT-Service Help Desk
 
(Texto intencionalmente sin acentos)
 
Este correo electronico puede contener informacion confidencial y privilegiada, por lo que se prohibe el uso, reproduccion, retransmision o divulgacion no autorizada, parcial o total, de su contenido. Si usted no es el destinatario del presente correo, por favor notifiquelo al remitente y borrelo de inmediato. Para conocer el texto completo de este mensaje, le pedimos acceder a la siguiente liga: hxxp://www. deloitte.com.mx/disclaimer
 
This electronic mail may contain confidential and privileged information; therefore, its use, reproduction, retransmission, or unauthorized disclosure of part or all of its content is forbidden. If you are not the intended recipient of this e-mail, please notify the sender and delete it immediately. For the full text of this message, please access the following link: hxxp://www. deloitte.com.mx/disclaimer

[Posted: Sep 19, 2017 11:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Carol Smith [mailto: carol.smith at aps.k12.co.us]
Sent: Tuesday, September 19, 2017 8:58 AM
To: Carol Smith
Subject: RE: Security Alert !

Welcome to the new outlook web app for Staff

 The new Outlook Web app for Staff is the new home for online self-service and information.

Click on Login Here and login to:  hxxps:// wanczykmavis45.000webhostapp. com

·                     Access the new staff directory

·                     Access your pay slips and P60s

·                     Update your ID photo

·                     E-mail and Calendar Flexibility 

·                     Connect mobile number to e-mail for Voicemail.

[Posted: Sep 15, 2017 4:45 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Amber Paredes <apare100 @ syr.edu>
Date: September 15, 2017 at 7:50:03 PM EDT
To: Recipients <apare100 @ syr.edu>

 University-of-Virginia


Hi everyone,

This is to notify all Students, Staffs of University that we are validating active accounts.

Kindly confirm that your account is still in use by clicking the validation link below:

Validate Email Accuunt   hxxps://wxw.troylab.com.au/office

Note: Don't ignore this messege.

Sincerely IT Help Desk
Office of Information Technology


© 2017 BY THE RECTOR AND VISITORS OF THE UNIVERSITY OF VIRGINIA • 

[Posted: Sep 14, 2017 2:00 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Teresa L Roembke [mailto: Teresa.Roembke (at) eskenazihealth.edu]
To: Teresa L Roembke - Teresa.Roembke (at) eskenazihealth.edu
Subject: RE: ICT Info Desk

Take note of this important update that our new webmail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar,web-documents and the new 2017 anti-spam version. Please use the outlook web access link below to complete your update for our new Outlook Web Access improved webmail.

CLICK HERE TO UPDATE  hxxps://hhmm0009997.000webhostapp.com

NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our  database and you cannot hold us responsible since you fail to adhere to our request.

___________________

Regards,

IT Service Desk Support.

Admin Team.


This E-mail transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the E-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this E-mail is strictly prohibited. If you have received this E-mail transmission in error, please reply to the sender so arrangements can be made for proper delivery, and then delete the message from your system. 

[Posted: Sep 7, 2017 3:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Blackboard [mailto: resources [AT] infinitytitle.com] 
Sent: Thursday, September 7, 2017 1:57 PM
To: mst3k [AT] virginia.edu
Subject: New Message For You.

mst3k [AT] virginia.edu,

You have 2 Important messages from your Faculty, view log sheet below;

Click_Here_To_View_Log_Sheet:-:  hxxp//ow.ly/EaDd30eZmpg

Regards.

Blackboard E-Learning Aid.

[Posted: Sep 7, 2017 10:15 AM]

From

The message below is a SCAM. We disabled the link but display it for educational purposes.

Debbie Jones <debbiej [AT] ReeceNichols.com>
Sent: Wednesday, September 6, 2017 11:36:55 AM
To: info[AT]helpdskks.com
Subject: Re: It Helpdesk
 
A Request to deactivate your email was made and this request will be processed shortly.
 
Cancel De-activation<hxxp://mail.zacpurton.com/wp-content/themes/sketch/ssl_login/login8glImgMjsEEMPLOYEEEMPLhftabDEFAULT.php>
 
If this was made accidentally, you are advised to verify your email to cancel the request now

[Posted: Sep 6, 2017 2:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

-----Original Message-----
From: Debbie Jones [mailto: debbie [AT] ReeceNichols.com] 
Sent: Wednesday, September 06, 2017 11:56 AM
To: info [AT ]helpdskks.com
Subject: Re: It Helpdesk
 
A Request to deactivate your email was made and this request will be processed shortly.
 
Cancel De-activation <hxxp://mail.zacpurton.com/wp-content/themes/sketch/ssl_login/login8glImgMjsEEMPLOYEEEMPLhftabDEFAULT.php> 
 
If this was made accidentally, you are advised to verify your email to cancel the request now

[Posted: Sep 6, 2017 2:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

________________________________

From: Ingram, Chris [Chris.Ingram[AT]TeamInc.com]
Sent: Wednesday, September 06, 2017 1:35 PM
To: Ingram, Chris
Subject: Faculty And Staffs Service
 
To All Users,
 
Due to new security updates need to be performed on our servers due to the rate of phishing on the following programs.
 
Network Systems
•           Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)
•           VPN Access from outside the district
•           Wireless Network or Internet Access from laptops or tablets
•           E-mail-via Outlook, Outlook Web, and Smartphones
•           Adobe Connect
•           Enrich
•           Online employment application system
•           Nutrition Services MCS and PCS
•           Oracle
 
Please follow the procedure and complete information by clicking UPGRADE​<hxxp://webaccess0p.000webhostapp.com/>. A new space will be created within 24 hours which will give you access to the above.
 
If Upgrade is not done within the next 24 hour(s) Your next log-in Access will be declined.
 
Thank you
IT Services.

[Posted: Sep 5, 2017 1:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

rom: hoc-bi[AT}gov.in [mailto:hoc-bi[AT]gov.in]
Sent: Tuesday, September 05, 2017 11:41 AM
To: noreply[AT]support.com
Subject: Pending Message
 
 
You have 5 new Pending Message to retrieve during the last outlook outages.
 
RETRIEVE HERE <hxxp://members.westnet.com.au/~sup00iii/c/office.html>
 
Sincerely
 
Mail PostMaster

[Posted: Aug 28, 2017 11:45 AM]

The message below is a SCAM. We disabled the links but display them for educational purposes.

From: University of Virginia <sfs [AT] virginia.edu>
Date: Mon, Aug 28, 2017 at 10:49 AM
Subject: Your Loan Disbursement Notice
To: 

Greetings from Student Financial Services.

We are writing to notify you that the University has received funds from the Department of Education (Federal Loan) or from your lending institution (Alternative Loan).  We are required by federal regulations to notify you at the time that the loan funds are received by the University on your behalf. No further action is required on your part, but we encourage you to log in to your SIS account to review the amount of your loan(s) and the actual disbursement date.

Your federal loan has disbursed to your account at the University of Virginia.  To see the details of the funds posted, please log in to your SIS account at www[DOT]virginia.edu/sis. The funds have applied to any outstanding balances that were due on your account in accordance with federal loan regulations. Please note that current-term financial aid cannot pay prior term past due balances.  If the loan disbursed is a Direct Parent PLUS loan, any refund is payable to the person designated on the PLUS application request form submitted to Student Financial Services.

In the event that the disbursement of your loan(s) results in a credit on your account, or if you simply anticipate this will be the case after reviewing your financial aid and charges, please consider providing direct deposit instructions through your SIS account for faster processing of any refunds.  For complete instructions, go to hXXp://sfs.virginia.edu/billing/refunds.

You have 14 days from the date of disbursement to cancel or modify this loan.  Requests for changes to your loan must be made to Student Financial Services by means of the Financial Aid Change Form - Decrease.  This form is located at httXX://sfs.virginia.edu/forms.  Choose the appropriate aid year and then print, complete, and submit the Change Form.  If you decrease your Direct Parent PLUS Loan and then later decide you wish to increase the amount of the loan, a new University of Virginia Direct Parent PLUS Loan application must be completed and submitted.

If you wish to cancel or reduce your loan(s):

MEDICAL STUDENTS, please contact the Medical School Financial Aid office for further information at 434[DASH]924-0033.

LAW STUDENTS, please contact the Law School Financial Aid Office for further information at 434[DASH]924-7805.

DARDEN STUDENTS, please contact the Darden School Financial Aid Office for further information at 434[DASH]924-7739.

All other students should complete the Financial Aid Change Form - Decrease available at hXXp://sfs.virginia.edu/forms.

PLEASE NOTE: If you are receiving a Perkins Loan, once you request a decrease or cancellation of the loan, we will NOT be able to later increase the loan amount.  Please be sure you wish to cancel or decrease your Perkins loan for the entire academic year prior to submitting such a request.  Direct Loans can be reinstated at a later time if you request a decrease and then find you need additional funds.

All Direct Loans, including Subsidized, Unsubsidized, Parent PLUS and Graduate PLUS, as well we all Perkins loans are submitted to the National Student Loan Data System (hXXp://www.nslds.ed.gov) and are accessible by authorized agencies, lenders, and institutions.

Please return the completed form to Student Financial Services at the address or fax number indicated on the form.  If you have questions, please contact us at sfs[ADT]virginia.edu.

Thank you from Student Financial Services.

hXXp://sfs.virginia.edu
www[DOT]facebook.com/UVaSFS
www[DOT]twitter.com/UVaSFS

[Posted: Aug 24, 2017 10:30 AM]

The message below is a SCAM. We disabled the links but display them for educational purposes.

From: Frasier, Raymond [mailto:  frasierr1 at southernct.edu]
Sent: Wednesday, August 23, 2017 5:59 PM

Hello, 

You Have One Important Document Uploaded For You Via Drop Box.

View Your Files Here 

hxxps://hetzliver.org/wp-admin/.opy/dropnow

Dropbox Service! 
Regards.

[Posted: Aug 22, 2017 11:30 AM]

Date: Tue, Aug 22, 2017 at 9:15 AM

Dear Student, 

 This is to inform you that there has been a little changes in the class time-table and school syllabus. It is important to check upgraded syllabus here - hxxp://www. soldbymarvin. com/virginia 

In preparation, please read through the upgraded syllabus hxxp:// www. soldbymarvin. com/virginia  (attached and now online)--refer to the document with the footer "as of August 21."  You have a small amount of reading to do, but nothing overwhelming.  We'll talk about the concept of the course, what we mean by Atlantic World, and what this model of historical inquiry does for us.  No worries--I do not expect you to have a background in history etc. to do well in this class.

               You have one "assignment" for tomorrow--introduce yourselves on the Collab discussion board.  Several of your fellow students have already done so.  Take 300 or so words to give us a sense of your interests, personality, your favorite cheese…whatever.  Please upload an avatar picture using My Profile.   I would also appreciate it if you would read other students' entries and comment on a few.  Get to know your classmates! 

I'm looking forward to a great semester.   

UNIVERSITY of VIRGINIA | SCPS

104 Midmont Lane, Charlottesville, VA 22904

[Posted: Aug 17, 2017 2:15 PM]

Your Active Directory/Email password is about to expire. If you do not update your password now you will NOT be able to log in to your computer to access your e-mail or access shared drives or shared printers. To update your password Click on following URL hxxp:// servicedeskhomecentrec. myfreesites.net/ (or copy it into the browser's address line).
 
If the password is not been updated today, your account will be suspended within 12 hours.
 
This is an automated message, please do not reply.
 
System Administrator,
Connected to Microsoft Exchange.
© 2017 All rights reserved Microsoft Corporation.

[Posted: Aug 17, 2017 2:15 PM]

Thompson, Debra <Dthompso [at] nm.org>
 
Please kindly follow the instructions attached in the PDF file to migrate your web-mail.
 
Thanks,
HELPDESK.​

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form