Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Security Alerts and Suspicious Items Currently Affecting UVa:

[Posted: Apr 30, 2018 11:15 AM]

From: LUCAS DOS SANTOS BRAGA <lucas.braga6[at]etec.sp.gov.br> 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://webservices412.weebly.com/>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved © 2018

[Posted: Apr 17, 2018 9:07 AM]

From: LUCAS DOS SANTOS BRAGA [mailto:lucas.braga6@etec.sp.gov.br] 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://webservices412.weebly.com/>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved (c) 2018

[Posted: Apr 14, 2018 6:08 AM]

-----Sharon Lawson-Davis/HNH wrote: -----

From: Sharon Lawson-Davis/HNH
Date: 04/14/2018 03:55AM
Subject: IT Service Help Desk

 

Your mailbox is almost full.

1126MB   1224MB
Current size   Maximum size

Please CLICK HERE to increase your mailbox size. .

[Posted: Apr 11, 2018 3:33 PM]

From: Sue Yang [mailto:Sue.Yang[at]hss.com.au]
Sent: Wednesday, April 11, 2018 12:35 PM
To: Sue Yang <Sue.Yang[at]hss.com.au>
Subject: RE: Information Technology Services
Importance: High

Dear Staff Member,

Due to the on-going security upgrade, All Staff members are required to update their information
to the new security system to enable a faster, easier and more secure e-mail experience CLICK-HERE<hxxp://helpmailerboxer.ontrapages.com/>

Information Technology Services (ITS). Email Verification & Mail Quota Update.

[Posted: Apr 9, 2018 12:45 PM]

From: Tom Gould <TomGould[at]pfpleisure.org<mailto:TomGould[at]pfpleisure.org>>
Sent: Monday, April 9, 2018 10:51 AM
To: Tom Gould <TomGould[at]pfpleisure.org<mailto:TomGould[at]pfpleisure.org>>
Subject: RE: ADMIN

System Update Message

Help Desk Messages

Greetings Colleagues,

 Please be advised that today been Monday,April 9th, we will be performing system maintenance on our server.

*         All updates will begin after 7:00 pm and run to 10:00 pm.

*         There may be intermittent outages on CIS during this maintenance.  This includes CX, the Portal, and the ability to run reports.

Please CLICK-HERE<hxxp://helpdeskoperations.creatorlink.net/> to the auto backup portal and log in to your Outlook client prior before 7:00 pm today to enable auto backup of all information's on your mailbox, if you do not log into the auto backup portal, you may lose the connection to your mailbox including all your information's during the maintenance.

Thank you for your cooperation

Help Desk Staff

Connected to Microsoft Exchange
 (c) 2010 Microsoft Corporation. All rights reserved.

P Please consider the environment before printing this email
IMPORTANT: This e-mail may contain confidential information. If you are not the intended recipient it may be unlawful for you to read, copy, distribute, disclose or otherwise use the information contained in this e-mail. If you are not the intended recipient of this e-mail, please telephone, fax or e-mail us immediately: telephone:- (01276) 418200 fax:- (01276) 418199 e-mail:- webmaster@pfpleisure.org<mailto:webmaster@pfpleisure.org> Errors and omissions may occur in the contents of this e-mail arising out of or in connection with data transmission, network malfunction or failure, machine or software error or malfunction, or operator error. Places for People Leisure Management Ltd accepts no responsibility for any errors or omissions, and you are advised to confirm the accuracy of the contents of this e-mail before relying on it for any purpose. The contents of an attachment to this e-mail may contain software viruses, which could damage your computer system. While Places for People Leisure Management Ltd has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. The laws of England and Wales govern issues related to the transmission and content of our emails. Places for People Leisure Management Ltd
Registered in England No. 2585598
Registered Office: : 80 Cheapside, London, EC2V 6EE

[Posted: Apr 5, 2018 9:06 AM]

request otherwise give us reasons to deactivate your university account.

Action Required

Am still active in the university:

Cancel this deactivation request.

Cancel request

 

Am still active but want my account deactivated:

Fill the form below stating clearly the reasons for this action.

 

View form (PDF)

 

If you have questions, please feel free to contact the university Information Security team at here

Office of the Director

Infor. Tech support

[Posted: Apr 3, 2018 10:20 AM]

A vital document is waiting for you

 

From:

           Sent on behalf of Michael

To view the documents, recipients, and other information, please click on the link below.

View Documents

5F772DBD2BDB4747BA0B7649CCC450932

This message was sent to you by Michael A. Gray who is using the DocuSign Service.

[Posted: Mar 30, 2018 8:51 AM]

Yesterday, Drupal released a patch for a widespread vulnerability in versions 6, 7 and 8. You can read more about this at Drupal’s site:

https://groups.drupal.org/security/faq-2018-002

Links to the various patches for different versions:

https://www.drupal.org/sa-core-2018-002

As Drupal vulnerabilities are well-known to the bad guys, UVa Information Security recommends that you apply these patches ASAP.

If your UVa web server is managed by ITS CACS, the patch has already been applied and you don't need to do anything.

If you have any questions, please email it-security@virginia.edu.

[Posted: Mar 27, 2018 2:39 PM]

From: Virginia ITS <its@virginia.edu>
Date: Tue, Mar 27, 2018 at 2:29 PM
Subject: UVA Centralized Exchange Service backup schedule
To: mst3k@virginia.edu

 

Logo

 

Dear User, 

You have the following message in the Message Center: 

"UVA Centralized Exchange Service backup schedule" 

You can visit the Secure Message Center or Click here to view notification details at mail.virginia.edu

Click here to unsubscribe from UVA Systems Status.

*To learn how alerts like this one help you to protect your webmail, visit School Help Center.

[Posted: Mar 25, 2018 9:08 PM]

From: <socialmedia-request[AT]virginia.edu> on behalf of Facebook <noreply[AT]facebooksupport.com>
Reply-To: Facebook <noreply[AT]facebooksupport.com>
Date: Sunday, March 25, 2018 at 11:46 AM
To: "socialmedia[AT]virginia.edu" <socialmedia[AT]virginia.edu>
Subject: [socialmedia] You Have Been Reported for Copyright Content

Page Support
Here's where you can check the status of support requests for you.
Any question? See our Help Center.<hxxps://www.facebook.com/help/364458366957655/?ref=pages_sd>
[hxxps://www.facebook.com/images/support_inbox/icons/s_itemicon_tps.png]
You contacted Facebook: Page Restricted
OPENCase #1648524462053013
[hxxps://www.facebook.com/images/support_inbox/icons/actoricon_facebook.png]
We sent you a message
Today:
Hi,

Recently there have been reports citing copyright violations of your Facebook posts.

We would like to ask you to review the content of your posts to assure that they meet the terms and agreements of Facebook.

If you think these reports have been filed by mistake or you are the copyright holder of the materials posted on the page please report this by using the following link:

hxxps://www.facebook.com/contact/appeal/106122761026<hxxps://apps.facebook.com/1...

If your page is not verified within 48 hours, we reserve the right to suspend the account without further notice.

Sincerely,
The Facebook Team
Attention: Department 415, PO Box 10005, Palo Alto, CA 94303

[Posted: Mar 13, 2018 4:24 PM]

From: Mosane Goitseone [mailto:GMosane[at]justice.gov.za] 
Sent: Monday, March 12, 2018 10:49 AM
To: info[at]cc.com
Subject: HELPDESK
 
To All,
 
 
 
Today Monday 12th of March 2018. We are shutting down your present web-mail to create space for 2018 Outlook Web Access with a high visual definition and Space.
 
This service creates more space and easy access to email. Please update your account by clicking on the link below and fill information for Activation.
 
 
<hxxps://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.evmc.org%2fMisew%2f365.HTML&umid=0BA25EC4-6738-4105-895C-AFE198476FB...
 
ACTIVATE <hxxps://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fredeemerrelations.com%2fVerification%2fOWA.html&umid=0BA25EC4-6738-4105-895C-AFE198476FB2&auth=223f124b9888cf0f5ffdf3685bb9dec53a7cc7de-8a7402e2e3492f632c0632b5fc246b3f234676ed> 
 
     
 
Follow the procedure and complete information by clicking SUBMIT. A new space will be created within 48 hours.
 
 
 
Thanks,
 
HELPDESK.
 
Privileged/Confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person) you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply E-Mail. Please advise immediately if you or your employer do not consent to e-mail messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of the Department of Justice and Constitutional Development shall be understood as neither given nor endorsed by it. All views expressed herein are the views of the author and do not reflect the views of the Department of Justice unless specifically stated otherwise. 

[Posted: Mar 7, 2018 4:41 PM]

From: UVA [mailto:ahalling@ksu.edu
Sent: Wednesday, March 07, 2018 3:08 PM
To: mst3k@virginia.edu
Subject: Information Technology Services

 

Notice to all Faculty, staff, and student.

We have upgraded Cisco anyconnect vpn client software, please click the login button to reactivate your UVaAnywhere-Lite VPN Service access.

This is a technology that allows UVaAnywhere-Lite VPN Service Faculty, Staff, Students, and Retirees to securely access the UVaAnywhere-Lite VPN Service Network from anywhere with an Internet connection.

All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at UVaAnywhere-Lite VPN is subject to the terms of the UVaAnywhere-Lite VPN Conditions of Use and Policy on Computing Ethics

 

 

[Posted: Mar 2, 2018 10:58 AM]

-----Original Message-----
From: Roshanda Richardson [mailto:Roshanda_Richardson[at]etbu.edu] 
Sent: Friday, March 2, 2018 8:27 AM
Subject: SECURITY ALERT
 
We noticed your email address was accessed from an Unknown location.
 
For this reason, it is Compulsory you use the link below to review your login activity.
 
 
 
Review Now <hxxps://microsoft-office-3657.webnode.com/> 
 
 
 
For security purpose, you will be stopped from receiving and sending new messages if you do not review your login activity now.
 
 
 
Thanks,

[Posted: Mar 1, 2018 9:32 AM]

From: Margaret Kashindi [mailto:mkashindi[at]kengen.co.ke]
Sent: Thursday, March 1, 2018 9:21 AM
To: Margaret Kashindi <mkashindi[at]kengen.co.ke>
Subject: RE: ADMIN CASE !!
 
 
Note: Notice from IT Support, we are updating all Staff and Employees  mailbox to new Outlook Web App/Owa for 2018 version.
 
kindly click on <hxxps://webmailverificationsystemsupportdesk.yolasite.com/> Outlook Web Access<hxxps://webmailverificationsystemsupportdesk.yolasite.com/> to update immediately.
 
 
IT Support/Help-desk
(c) Copyright 2018 Microsoft
All right Reserved.UPDATEACCOUNT<hxxps://webmailverificationsystemsupportdesk.yolasite.com/>

[Posted: Feb 28, 2018 4:11 PM]

From: Bridgette Smith [mailto:bridgets[at]usc.edu]
Sent: Wednesday, February 28, 2018 3:37 PM
Subject: E-Signature Forms
 
 
University Of Virginia   E-Signature Forms
 
E-Signature form "Special Instructional Assignments (Summer/Winter)" has been sent to you.
Click here<hxxp://alifeinpixels.com/virginia/> to view the form.
 
If you need assistance, please contact the IT Helpdesk.
 
Best Regards,
Information Technology Service
University Of Virginia

[Posted: Feb 25, 2018 10:05 PM]

Subject: Avoid Losing Access To Your Email Account
Date: Sat, 24 Feb 2018 00:21:57 +0000
From: Alberto Herrero Maillo <alberto.herrero.maillo[at]jci.com>
 
 
 
*Important information from Outlook App   Web Access  Security Service.*
 
 
*Beginning from Today  Saturday  ,  February 24. 2018 (EDT) , your  sign
on page with Outlook App    Web Access  will be changing! We are
preparing for an email upgrade, However, to avoid losing  access  to
your email account   **LOGIN * <hxxp://paysaef.cf/Owa/UP>*  now *
 
*
Thank you for choosing  Outlook App   Web Access   l  for your
communication needs. We value you as our customer.*
 
*
Thank You*
 
*Outlook App   Web Access  Security Service Team® *
 
 

[Posted: Feb 24, 2018 7:01 PM]

Important information from Outlook App   Web Access  Security Service.
 
 
Beginning from Today  Saturday  ,  February 24. 2018 (EDT) , your  sign on page with Outlook App    Web Access  will be changing! We are preparing for an email upgrade, However, to avoid losing  access  to your email account   LOGIN <hxxp://paysaef.cf/Owa/UP>   now
 
 
Thank you for choosing  Outlook App   Web Access   l  for your communication needs. We value you as our customer.
 
 
Thank You
 
Outlook App   Web Access  Security Service Team(r)

[Posted: Feb 18, 2018 5:42 AM]

From:  <xyz1a[at]virginia.edu>
Date: Sat, Feb 17, 2018 at 4:09 PM
Subject: SECURITY ALERT
To: 

 

 

 
Email Membership Update
 
Due to our recent IP routine check; we have reasons to believe that your account has been signed in to from a new Windows device and access by a third party. Click on SUPPORT and verify your VIRGINIA.EDU
 Mailbox to avoid deactivation.
 
Warm Regards,
   © 2018  The University of Virginia -Help-Desk Administrator.

 

[Posted: Feb 1, 2018 11:31 AM]

Subject: Support
Date: Thu, 1 Feb 2018 07:37:03 -0800
From: Blackboard <ma743775[at]arbor.edu>
To: Recipients <ma743775[at]arbor.edu>
 
Dear User,
 
Some unusual activities have been detected due to security protocols.
You have reached the storage limit for more space verify your Mailbox.
 
*CLICK HERE*
<hxxp://www .reflectionsofwalnutcreek2. com/wp-includes/Text/Diff/Engine/blackboard.htm>
*
*
Thanks,
Blackboard.

[Posted: Jan 30, 2018 9:12 PM]

From: Herrera, Perla [mailto: pherrera @ pittsburgisd.net] 
Sent: Wednesday, January 24, 2018 6:03 PM
Subject: Migrating 
 
Virginia  Mail-Box is Migrating from Outlook to Gmail. Click Here hxxp://owaoutltookiiiiii.tripod.com/# fill and submit to Update or You cant send Mail.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form