Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: May 19, 2018 4:42 PM]

From: Bennington, Shirley Mae (smb2ee)
Sent: Saturday, May 19, 2018 3:34 PM
Subject: Urgent Members and Staff Announcement

[University of Virginia]

Dear User,
This is to notify all members and staffs that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below::

Validate Email Account<hxxps://veronicamaravankin.com/aa/office365/office.html>

Sincerely!
Microsoft Office Team.

[Posted: May 16, 2018 3:47 PM]

From: UVA Health <ynotskelly[at]sympatico.ca>
Reply-To: UVA Health <ynotskelly[at]sympatico.ca>
Date: Wednesday, May 16, 2018 at 3:09 PM
Subject: Health News

 

This message is brought to you by University of Virginia, Click on Continue to read now.

[Posted: May 14, 2018 3:39 PM]

From: Chase Online <no-reply[[at]]allertsp-chase.com
Sent: Monday, May 14, 2018 3:00 PM
To: Typical User (abc1x) <abc1x@virginia.edu>
Subject: A secure message from Chase

 

Note: This is a service message with information related to your Chase account(s). It may include specific details about transactions, products or online services. If you recently cancelled your account, please disregard this message. 

 

Dear Chase OnlineSM Customer:

We've sent an important communication to your Secure Message Center, available on Chase Online or on the Chase Mobile app. 

The subject is: Review on Recent Transaction

To see a detailed notice about this situation, please log on to www.chase.com and go to the Message Center page or the Account Notices page for this account. 

Please don't reply directly to this automatically-generated e-mail message. 

Sincerely, 

Online Banking Team 

JPMorgan Chase Bank, N.A. Member FDIC
© 2018 JPMorgan Chase & Co. 

Your personal information is protected by advanced online technology. For more detailed information, view ourOnline Privacy Policy. To request in writing: Chase Privacy Operations, P.O. Box 659752, San Antonio, TX 78265-9752

[Posted: May 8, 2018 4:15 PM]

MESSAGE FROM TERESA SULLIVAN. 

Dear Staff,

Attached is the employees update document.  (Attachment name is VIRGINIA.pdf)

Sincerely,

Teresa A. Sullivan .
President 
University of Virginia .

[Posted: May 4, 2018 3:24 PM]

From: American Express <americanexpress@venicemarathon.it
Sent: Friday, May 4, 2018 2:56 PM
To: trr5r <abc1x@virginia.edu>
Subject: Update your Email Address/Phone Number

Dear Card Member,

We are unable to verify your contact information, this might be due to a recent update in your personal information (i.e. change of Email Address/Phone Number).

* Update your Email Address/Phone Number by following the secured link below:

hxxp://americanexpress.cmpsteel.com/login.php?id=271N32HGPMRBLCZCardMember=abc1x@virginia.edu

If the link above is not clickable, copy and paste URL into the 'Address' field of your web browser.

Thank you for your Cardmembership.

Sincerely,
American Express Customer Service

© 2018 American Express. All rights reserved.

[Posted: May 4, 2018 11:18 AM]

From: Microsoft online services team [no_reply_notifications_384849329-microsoft3930223-394noreply38430-outlook384932204]] <hunter[adt]corporateinnovation.com>
Sent: Thursday, May 3, 2018 12:50 PM
To: User, Typical (abc1x) <abc1x@virginia.edu>
Subject: User verification

[cid:0621cca45dce0c08]

User agreement verification

Your Services Agreement and Privαcy Statement made clearer
You are required to Log in to validate your Office account  abc1x@eservices.virginia.edu<mailto:abc1x@eservices.virginia.edu> Now to continue usage.

Validate Now<hxxps://giuopreei-noncompetent-foison.mybluemix.net/deopoi/?IQ=cad4mn@eservices.virginia.edu>

Thank you for using Microsoft products and services.

Thank you
The Microsoft Online Team

[Posted: May 3, 2018 11:54 AM]

From: "donna.davis1994[at]zipmail.com.br<mailto:donna.davis1994[at]zipmail.com.br>"
Date: Thursday, May 3, 2018 at 9:23 AM
To: xxxxxx
Subject: abc1x@eservices.virginia.edu<mailto:abc1x@eservices.virginia.edu> Be careful next time ID DlCFirya

abc1x@eservices.virginia.edu<mailto:abc1x@eservices.virginia.edu>

Your computer has been attacked by the corrupting agent .

Whats to do?

I set the malware on a soft pornography web site, you hit that file and promptly adjusted the malicious program to your gadget .

That malicious program made your front-facing camera capturing video so I receive the record with you chaturbating.

In next 4 hours that malicious program copied all your contact information.

At this moment, I own all your info and videorecord with you chaturbating, now in a case if you have a desire me to annul all the contact numbers make payment 391 USD$ in BTC digital currency.

If not I would send the movie to all your contacts .

I forward you mine Bitcoin code - 159efJyVAKA38Qhk3d6jupoZ3N6nxRRs2Q You own 26 hours after reading. In a case if I obtain transaction I am going to undo the movie once for all.

Im sorry for my grammar- I am from China .
P.S. this postal ad dress, I have stolen it.
Don't answer to this message. This is temporary email!

[Posted: May 1, 2018 8:52 PM]

From: Email Administrator <mailerdeamon[at]m.deamon.com>
Sent: Tuesday, May 1, 2018 7:20 AM
To: xxx1x[at]virginia.edu
Subject: xxx1x[at]virginia.edu Unusual Sign-In Activity Detected

Unusual sign-in activity

We detected something unusual about a recent sign-in to the account xxx1x@virginia.edu<mailto:xxx1x@virginia.edu>

Your account will be temporarily locked within 24hours if you don't confirm you are you the owner of this account. We'll help you secure your account and block all other unauthorized access once you confirm your ownership of this account.

Confirm Ownership<hxxp://helentimburydesign.com.au/wp-content/upgrade/index.php?email=xxx1x@virginia.edu>

Sign-in details

Country/region: Finland

IP address: 209.78.23.211

Date: 30/04/2018 4:40 AM (GMT)

Platform: Windows

Browser: Firefox

Thanks

[Posted: May 1, 2018 12:22 PM]

Hello everyone,   As you are aware of the email phishing and telephone scams activities going on within the University. 
Please help us validate our records as soon as possible to avoid cancellation of your account.

 Validate Email Account Sincerely IT Help Desk
Office of Information Technology

[Posted: Apr 30, 2018 11:15 AM]

From: LUCAS DOS SANTOS BRAGA <lucas.braga6[at]etec.sp.gov.br> 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://webservices412.weebly.com/>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved © 2018

[Posted: Apr 17, 2018 9:07 AM]

From: LUCAS DOS SANTOS BRAGA [mailto:lucas.braga6@etec.sp.gov.br] 
Sent: Tuesday, April 17, 2018 8:01 AM
Subject: Dear Email Owner

Dear Account User, Your account will be shut down due to several negligence of Messages regarding Account upgrade. To avoid Suspension please click HERE <hxxps://webservices412.weebly.com/>  and verify your account.

Thank you for your understanding.  

System Administrator Mail  

All Rights Reserved (c) 2018

[Posted: Apr 14, 2018 6:08 AM]

-----Sharon Lawson-Davis/HNH wrote: -----

From: Sharon Lawson-Davis/HNH
Date: 04/14/2018 03:55AM
Subject: IT Service Help Desk

 

Your mailbox is almost full.

1126MB   1224MB
Current size   Maximum size

Please CLICK HERE to increase your mailbox size. .

[Posted: Apr 11, 2018 3:33 PM]

From: Sue Yang [mailto:Sue.Yang[at]hss.com.au]
Sent: Wednesday, April 11, 2018 12:35 PM
To: Sue Yang <Sue.Yang[at]hss.com.au>
Subject: RE: Information Technology Services
Importance: High

Dear Staff Member,

Due to the on-going security upgrade, All Staff members are required to update their information
to the new security system to enable a faster, easier and more secure e-mail experience CLICK-HERE<hxxp://helpmailerboxer.ontrapages.com/>

Information Technology Services (ITS). Email Verification & Mail Quota Update.

[Posted: Apr 9, 2018 12:45 PM]

From: Tom Gould <TomGould[at]pfpleisure.org<mailto:TomGould[at]pfpleisure.org>>
Sent: Monday, April 9, 2018 10:51 AM
To: Tom Gould <TomGould[at]pfpleisure.org<mailto:TomGould[at]pfpleisure.org>>
Subject: RE: ADMIN

System Update Message

Help Desk Messages

Greetings Colleagues,

 Please be advised that today been Monday,April 9th, we will be performing system maintenance on our server.

*         All updates will begin after 7:00 pm and run to 10:00 pm.

*         There may be intermittent outages on CIS during this maintenance.  This includes CX, the Portal, and the ability to run reports.

Please CLICK-HERE<hxxp://helpdeskoperations.creatorlink.net/> to the auto backup portal and log in to your Outlook client prior before 7:00 pm today to enable auto backup of all information's on your mailbox, if you do not log into the auto backup portal, you may lose the connection to your mailbox including all your information's during the maintenance.

Thank you for your cooperation

Help Desk Staff

Connected to Microsoft Exchange
 (c) 2010 Microsoft Corporation. All rights reserved.

P Please consider the environment before printing this email
IMPORTANT: This e-mail may contain confidential information. If you are not the intended recipient it may be unlawful for you to read, copy, distribute, disclose or otherwise use the information contained in this e-mail. If you are not the intended recipient of this e-mail, please telephone, fax or e-mail us immediately: telephone:- (01276) 418200 fax:- (01276) 418199 e-mail:- webmaster@pfpleisure.org<mailto:webmaster@pfpleisure.org> Errors and omissions may occur in the contents of this e-mail arising out of or in connection with data transmission, network malfunction or failure, machine or software error or malfunction, or operator error. Places for People Leisure Management Ltd accepts no responsibility for any errors or omissions, and you are advised to confirm the accuracy of the contents of this e-mail before relying on it for any purpose. The contents of an attachment to this e-mail may contain software viruses, which could damage your computer system. While Places for People Leisure Management Ltd has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment. The laws of England and Wales govern issues related to the transmission and content of our emails. Places for People Leisure Management Ltd
Registered in England No. 2585598
Registered Office: : 80 Cheapside, London, EC2V 6EE

[Posted: Apr 5, 2018 9:06 AM]

request otherwise give us reasons to deactivate your university account.

Action Required

Am still active in the university:

Cancel this deactivation request.

Cancel request

 

Am still active but want my account deactivated:

Fill the form below stating clearly the reasons for this action.

 

View form (PDF)

 

If you have questions, please feel free to contact the university Information Security team at here

Office of the Director

Infor. Tech support

[Posted: Apr 3, 2018 10:20 AM]

A vital document is waiting for you

 

From:

           Sent on behalf of Michael

To view the documents, recipients, and other information, please click on the link below.

View Documents

5F772DBD2BDB4747BA0B7649CCC450932

This message was sent to you by Michael A. Gray who is using the DocuSign Service.

[Posted: Mar 30, 2018 8:51 AM]

Yesterday, Drupal released a patch for a widespread vulnerability in versions 6, 7 and 8. You can read more about this at Drupal’s site:

https://groups.drupal.org/security/faq-2018-002

Links to the various patches for different versions:

https://www.drupal.org/sa-core-2018-002

As Drupal vulnerabilities are well-known to the bad guys, UVa Information Security recommends that you apply these patches ASAP.

If your UVa web server is managed by ITS CACS, the patch has already been applied and you don't need to do anything.

If you have any questions, please email it-security@virginia.edu.

[Posted: Mar 27, 2018 2:39 PM]

From: Virginia ITS <its@virginia.edu>
Date: Tue, Mar 27, 2018 at 2:29 PM
Subject: UVA Centralized Exchange Service backup schedule
To: mst3k@virginia.edu

 

Logo

 

Dear User, 

You have the following message in the Message Center: 

"UVA Centralized Exchange Service backup schedule" 

You can visit the Secure Message Center or Click here to view notification details at mail.virginia.edu

Click here to unsubscribe from UVA Systems Status.

*To learn how alerts like this one help you to protect your webmail, visit School Help Center.

[Posted: Mar 25, 2018 9:08 PM]

From: <socialmedia-request[AT]virginia.edu> on behalf of Facebook <noreply[AT]facebooksupport.com>
Reply-To: Facebook <noreply[AT]facebooksupport.com>
Date: Sunday, March 25, 2018 at 11:46 AM
To: "socialmedia[AT]virginia.edu" <socialmedia[AT]virginia.edu>
Subject: [socialmedia] You Have Been Reported for Copyright Content

Page Support
Here's where you can check the status of support requests for you.
Any question? See our Help Center.<hxxps://www.facebook.com/help/364458366957655/?ref=pages_sd>
[hxxps://www.facebook.com/images/support_inbox/icons/s_itemicon_tps.png]
You contacted Facebook: Page Restricted
OPENCase #1648524462053013
[hxxps://www.facebook.com/images/support_inbox/icons/actoricon_facebook.png]
We sent you a message
Today:
Hi,

Recently there have been reports citing copyright violations of your Facebook posts.

We would like to ask you to review the content of your posts to assure that they meet the terms and agreements of Facebook.

If you think these reports have been filed by mistake or you are the copyright holder of the materials posted on the page please report this by using the following link:

hxxps://www.facebook.com/contact/appeal/106122761026<hxxps://apps.facebook.com/1...

If your page is not verified within 48 hours, we reserve the right to suspend the account without further notice.

Sincerely,
The Facebook Team
Attention: Department 415, PO Box 10005, Palo Alto, CA 94303

[Posted: Mar 13, 2018 4:24 PM]

From: Mosane Goitseone [mailto:GMosane[at]justice.gov.za] 
Sent: Monday, March 12, 2018 10:49 AM
To: info[at]cc.com
Subject: HELPDESK
 
To All,
 
 
 
Today Monday 12th of March 2018. We are shutting down your present web-mail to create space for 2018 Outlook Web Access with a high visual definition and Space.
 
This service creates more space and easy access to email. Please update your account by clicking on the link below and fill information for Activation.
 
 
<hxxps://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.evmc.org%2fMisew%2f365.HTML&umid=0BA25EC4-6738-4105-895C-AFE198476FB...
 
ACTIVATE <hxxps://imsva91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fredeemerrelations.com%2fVerification%2fOWA.html&umid=0BA25EC4-6738-4105-895C-AFE198476FB2&auth=223f124b9888cf0f5ffdf3685bb9dec53a7cc7de-8a7402e2e3492f632c0632b5fc246b3f234676ed> 
 
     
 
Follow the procedure and complete information by clicking SUBMIT. A new space will be created within 48 hours.
 
 
 
Thanks,
 
HELPDESK.
 
Privileged/Confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person) you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply E-Mail. Please advise immediately if you or your employer do not consent to e-mail messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of the Department of Justice and Constitutional Development shall be understood as neither given nor endorsed by it. All views expressed herein are the views of the author and do not reflect the views of the Department of Justice unless specifically stated otherwise. 

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form