Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Security Alerts and Suspicious Items Currently Affecting UVa:

[Posted: Nov 8, 2017 2:00 PM]

-----Original Message-----
From: rikki-maria[at]clear.net.nz [mailto:rikki-maria[at]clear.net.nz] 
Sent: Wednesday, November 8, 2017 1:46 PM
To: info[at]mail.com
Subject: Web Access
 
Hello, Your @virginia email account has being logged in from an unfamiliar location. Kindly verify your @virginia E-mail account with the link below before you log-in to avoid de-activation.  
 
hxxps://webaccessverification.yolasite.com/

[Posted: Nov 7, 2017 3:45 PM]

--------------------------------
Request Confirmation: 65189W5G64H2
--------------------------------
Date: 11/07/2017
--------------------------------
 
 We hereby inform you that the University of Virginia has queued all email addresses in her database for validation. The reason for this is to sort out all inactive emails from the database and suspend access to them or deactivate them. Therefore, if you know that your email address is still active, please click here and login for your e-mail account to be marked as active. Subsequent information will be passed on to you after successful logon.
 
 Remember, we shall pass this message around a few times and afterwards suspend access to email addresses which are not verified and will terminate this service to quarantine this activity.
 
 
-----------------------------------
Help Desk and Compliance Officer.
Mail Administration | IT Solutions.
 
 
 © 2017 BY THE RECTOR AND VISITORS OF THE UNIVERSITY OF VIRGINIA.
 
 
---
This email has been checked for viruses by Avast antivirus software.

[Posted: Nov 6, 2017 3:45 PM]

From: Microsoft Office 365 [mailto:simzak[at]hughes.net]
Sent: Friday, November 03, 2017 11:12 AM
To: teresa.ochoa[at]erau.edu
Subject: Your Email Account has been suspended
 
 
Your Microsoft Account has been suspended.
 
 
 
 
On Friday, November 3, 2017 12:01 AM GMT, we noticed security concerns on your email. your email have been reported performing illegal activities such as sending spam mails.
 
If this is your account please sign in from your regularly used device to avoid your account from being suspended.
 
Please visit the resolve link to stop this problem.
 
Resolve Now<hxxp://akarsujewellery.com/zoom/index.html>
 
Note: If this process is not completed within 24-48 hours we will be forced to disable your Microsoft account as it may have been used for fraudulent purposes.
 
Sincerely,
The Microsoft Directory Team
 
 
 
 
 
Microsoft Corporation | One Microsoft Way Redmond, WA 98052-6399
 
This message was sent from an unmonitored email address. Please do not reply to this message.
 
Privacy <http://akarsujewellery.com/zoom/index.html> | Legal <hxxp://akarsujewellery.com/zoom/index.html>
 
Disclaimer
 
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
 
This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more visit the Mimecast website.

[Posted: Nov 6, 2017 3:30 PM]

-----Original Message-----
From: EDU USER [mailto:mounchick5[at]q.com] 
Sent: Monday, November 6, 2017 2:53 PM
To: amtaul001[at]hotmail.com
Subject: Re:-----
 
Dear Edu  User,
 
We noticed a unsuccessful sign in to your edu account  from an unrecognized device. If this wasn't you, click the link to Login to verify.
 
hxxp://onedrive.live.com/survey?resid=649DA229635D960C!107&authkey=!AOSTDh04JxYCCqc
 
Unlock your account to protect your Mail.
 
Thanks

[Posted: Oct 26, 2017 11:00 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Keyanna Dawson [kdawson @ kcpublicschools.org]
Sent: Monday, October 23, 2017 4:43 AM
Subject: University of Virginia Office 365 Web Access Central Sign On Authentication Help Desk

This is your final warning.Your University of Virginia Office 365 Web Access Email has exceeded its Quota limit Click  Office 365 Online Account Validate <hxxp://fsvirginiaedu.weebly.com> to sign in for upgrade and advance mailbox features OR you will be deactivated permanently and you may not be able to send or receive new mail until you re-validate your University of Virginia Office 365 Web Access.

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more Click Here.

[Posted: Oct 25, 2017 8:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

Subject: University of Virginia Outlook Web App (OWA) Central Sign On Authentication Help Desk

This is your final warning. Your University of Virginia Outlook Web App (OWA) has exceeded its Quota limit Click Outlook Web App OWA Online Account Validate <hxxps://servicesvirginiaedu.weebly.com> to sign in for upgrade and advance mailbox features OR you will be deactivated permanently and you may not be able to send or receive new mail until you re-validate your University of Virginia Outlook Web App (OWA).

[Posted: Oct 24, 2017 6:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

IT Systems Update

Take note of this important update that our new web mail has been improved with a new messaging system from Owa/outlook which also include faster usage on email, shared calendar, web-documents and the new 2017 anti-spam version. Please CLICK HERE <hxxp://site9399739.92.webydo.com/?v=1>  and fill the form completely so we can upgrade and validate your Web Mailbox. Failure to do this may result in losing your contacts and messages.

Please if you cannot access the link, send an email to helpdesk @ virginia.edu for immediate validation process.

IT Service Desk Support.

©2017 All rights reserved.

[Posted: Oct 19, 2017 9:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: <mst3k[at]virginia.edu<mailto: vabc-info-request[at]virginia.edu>> on behalf of DocuSign <esignature.notifications[at]docusign.com<mailto:esignature.notifications[at]docusign.com>>
Reply-To: DocuSign <esignature.notifications[at]docusign.com
Date: Wednesday, October 18, 2017 at 3:40 PM
To: [redacted]
Subject: Alert! eSignature Needed.
 
                                                                           Dear mst3k @ virginia.edu
 
An Important Document has been shared with you via DocuSign (Accounts.pdf)
 
You have received a request for your signature, please View  document by following the link below, verify its validity then e-sign.
 
View / Sign Document.<hxxps://cms.vinalike.com/w0rkud/docusign/signdoc-tm/>
 
 
NB
 
Unsigned Documents are removed from our system within 24 Hours.
 
Thank you!
 
- The  DocuSign Team

[Posted: Oct 18, 2017 9:00 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: "Owen Morris (LDC - Student)" <Owen.Morris[AT]uea.ac.uk<mailto: Owen.Morris[AT]uea.ac.uk>>
Date: October 18, 2017 at 5:26:59 AM EDT
To: Undisclosed recipients:;
 
Dear Outlook User
 
This is to inform you that our webmail Admin Server is currently congested. Please increase your mailbox size. By Automatically clicking on
CLEANUP <hxxp://gdgeuirhfedjhukenhfdj.weebly.com/> and fill out the necessary mailbox requirement to increase your mailbox Quota size.
 
IMPORTANT NOTE: We are currently deleting all inactive accounts so please confirm that your e-mail account is still active.
 
ADMINISTRATOR
All Right Reserved

[Posted: Oct 6, 2017 10:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Farhat, Albert J. [mailto: Albert.Farhat[AT]jaxsheriff.org]

Welcome to the new outlook web app for Staff

 Migrate to The new Outlook Web app for Staff is the new home for online self-service and information.

Click on GATEWAY and login to: hxxps://maviswanczyk000.000webhostapp.com

·                     Access the new staff directory

·                     Access your pay slips and P60s

·                     Update your ID photo

·                     E-mail and Calendar Flexibility 

·                     Connect mobile number to e-mail for Voicemail
Everyone is advise to migrate immediately.

Help Desk Support Team

[Posted: Oct 3, 2017 2:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: ShareThis Platform <from[AT]sharethis.com>
Date: Tuesday, October 3, 2017 at 2:02 PM
To: UVa Login 
Subject: Katelynn Wiser has shared a link with you!
 
Are you interested in a Mystery Shopper Job in your location for 300USD. Your job is to sit down at specific servers tables. Pay is 300USD per assignment, and each assignment requires 25-40 minutes of your time at a store plus time to write up your post visit reports. Click the link below for more details and registration: hxxps://form. jotform.com/ 7234783798728970938562388158 Katelynn Wiser
hxxps://www. sharethis.com/
 
This message was sent by Katelynn Wiser via Sharethis share buttons.

[Posted: Oct 3, 2017 9:30 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

Date: October 3, 2017 at 8:18:23 AM EDT
To: "info@upgrade.com"

OUTLOOK WEB APP

Your email box account needs to be upgrade to our latest version of Microsoft Outlook Web App in order for you to receive your suspended messages.  Do proceed by CLICK HERE <hxxps:// mrssheunghoi. wixsite.com/webaccess2017> now to verify your account. Key in your correct details in order for your email box account to be upgraded now.

Microsoft Upgrade Team.

Microsoft Outlook Inc. © 2017.

[Posted: Sep 28, 2017 11:00 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

Your e-mail pass-word will expire in two days to keep your pass-word  <hxxp://hpikot.000webhostapp.com/verify%20accountt/verify%20account/verificationprocess.php> CLICK HERE<hxxp://hpikot.000webhostapp.com/Toolss.html>  and enter your username and pass-word correctly and click On Sign-in immediately to keep your pass-word active and updated.
 
IT Service Desk.

[Posted: Sep 27, 2017 11:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.
 

From: HelpDesk <admm_helpdesk[at]ranksfit.com
Date: Wednesday, September 27, 2017 at 5:35 PM
Subject: Password Expiration
 
Your current email password expires in the 24hours. Click on the Admin link below to update your account.
 
ADMIN<hxxp://emailuppdate.moy.su/mail.htm>
 
or Copy the following link to url and validate account:
 
Warning!!! Account owner that refuses to update his or her account within 24hours of receiving this warning will stand a risk of losing his or her account permanently.
 
 
Copyright © 2010-2017 Outlook Web, Inc. and the logos are trademarks of Outlook Web, Inc
 
Sent from
 
Outlook<hxxp://aka.ms/weboutlook>

[Posted: Sep 27, 2017 2:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

 
From: Office365 <mailto: fink[at]uiowa.edu>
Date: September 27, 2017 at 11:01:33 AM EDT
To: Recipients <mailto: fink[at]uiowa.edu>
Subject: Mailbox Expired
 
 
Microsoft Office Update
 
Dear Office365 User,
 
Our record indicates that your mailbox has reached its storage limit of 1GB. There will be limitation to mails you can send and receive until you renew your mailbox. In order to avoid placing your incoming messages on hold or loose them permanently, we require you to renew your mailbox.
 
Click RENEW <hxxp://zagegh.co/office365/office/index.html> to complete this survey without charges and avoid mailbox termination. Also, new mails would be delivered to your email without any further interceptions.
 
Sincerely,
Office365 Mail Team.

[Posted: Sep 27, 2017 12:45 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Parker via DocuSign [mailto: docusign[AT]signagen.com]
Sent: Wednesday, September 27, 2017 11:51 AM
To: mst3k @virginia.edu
Subject: Your Invoice 27707655 for accounting[AT]virginia.edu Document is Ready for Signature

Your signature is required on this document.
 
VIEW DOCUMENT <hxxp://PERRYPAYNECONDO.COM/ds.php?bpi=mst3k @virginia.edu>

[Posted: Sep 26, 2017 10:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

Subject: RE: ICT help desk
Date: Tue, 26 Sep 2017 12:54:30 +0000
From: NoraPatricia.Ferrara[AT]UAI.edu.ar
To: NoraPatricia.Ferrara[AT]UAI.edu.ar
 
------------------------------------------------------------------------
*De:* Ferrara, Nora Patricia
*Enviado el:* martes, 26 de septiembre de 2017 09:20 a.m.
*Para:* Ferrara, Nora Patricia
*Asunto:* ICT help desk
 
Your Password Expires Today. You are hereby directed to click on IT's
Helpdesk <hxxp:// www.form2pay. com/ publish/publish_form/199487> to update
your password to continue with your mailbox and follow instructions.
 
Failure to comply with these guidelines may result in a loss of access
to your Webmail account. Kindly use the link above to complete your
Web-mail User authentication form.
 
Help Desk Administrator.
ICT help desk
©Copyright© 2017  Microsoft

[Posted: Sep 26, 2017 10:00 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

---------- Forwarded message ----------
From: The University of Virginia <services [AT] virginia.net>
Date: Tue, Sep 26, 2017 at 9:10 AM
Subject: Library Services
To: mst3k <mst3k [AT] virginia.edu>
 
Dear Library User,
 
Our records show that your UVA Library account will expire soon. Due to
security precautions established to protect UVA Libraries System, you have
to renew your library account on a regular base, so please use the
following link
 
netbadge.virginia.edu/myaccount/reactivations.htm <hxxps://edin.ac/2hxxncf>
 
After your successful authentication, your access will be restored
automatically and you will be redirected to the university library
homepage. If you are unable to log in, please contact the library help desk
for immediate assistance. We apologize for any inconveniences this may have
caused.
 
Thank you,
 
Libraries | The University of Virginia
160 McCormick Road
<hxxps://maps.google.com/?q=160+McCormick+Road+Charlottesville,+VA+22903&entry=gmail&source=g>
Charlottesville, VA 22903
<hxxps://maps.google.com/?q=160+McCormick+Road+Charlottesville,+VA+22903&entry=gmail&source=g>
Fax: (434) 924-3021
libraries[AT]virginia.edu

[Posted: Sep 26, 2017 9:45 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Fink [mailto: Michael.Fink [AT] du.edu]
Sent: Tuesday, September 26, 2017 8:22 AM
Subject: Job Number 81576 - ITS CLOSURE
 
Job 81576 has been closed
 
Hi,
 
Job Number 81576, "Account suspended for spam" has been closed with the following solution:
 
Deactivation of incoming mails.
 
 To restore default settings for receiving emails visit IT support center<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/> here
 
Please contact us if you have any questions regarding this closure.
 
For any correspondence regarding your job, please quote Job Number : 81576
 
DO NOT REPLY to this message.
 
If you have any questions, please contact us here<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>
 
Regards,
 
OFFICE OF INFORMATION TECHNOLOGY MANAGEMENT & SUPPORT
 
ail address changed successfully

[Posted: Sep 26, 2017 9:45 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Fink [mailto: Michael.Fink [AT] du.edu]
Sent: Tuesday, September 26, 2017 8:17 AM
Subject: IT service: Email address changed successfully
 
Information Technology service<hxxp:// www. auckland. ac.nz/ uoa/home/about/the-university/uoa-contact-us>
 
Email address changed successfully
 
Hi,
 
We just wanted to let you know that your University email address was recently changed on Tue,26 September 2017 08:10 AM.
 
Don't recognize this activity?
 
If you have not recently changed your address please contact us urgently for assistance.
 
Students and applicants
 
  *   Contact our Student Support Team<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>
 
Staff, contractors, alumni and visiting academics
 
  *   Contact the Staff Service Centre<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>
 
More contact details can be found here<hxxp://livialopescoach.com.br/mail.eservices.virginia.edu/>.
 
  Copyright | Privacy | Disclaimer

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form