Search Information Security site


Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to our IT-Abuse team.

Security Alerts and Suspicious Items Currently Affecting UVa:

[Posted: Sep 26, 2017 9:45 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Michael Fink [mailto: Michael.Fink [AT]]
Sent: Tuesday, September 26, 2017 8:17 AM
Subject: IT service: Email address changed successfully
Information Technology service<hxxp:// www. auckland. uoa/home/about/the-university/uoa-contact-us>
Email address changed successfully
We just wanted to let you know that your University email address was recently changed on Tue,26 September 2017 08:10 AM.
Don't recognize this activity?
If you have not recently changed your address please contact us urgently for assistance.
Students and applicants
  *   Contact our Student Support Team<hxxp://>
Staff, contractors, alumni and visiting academics
  *   Contact the Staff Service Centre<hxxp://>
More contact details can be found here<hxxp://>.
  Copyright | Privacy | Disclaimer

[Posted: Sep 26, 2017 9:00 AM]

The message below is a SCAM. 

We disabled the link but display it for educational purposes.

From: Keith, Warren (keithw) [mailto: keithw [AT]]
Sent: Tuesday, September 26, 2017 8:32 AM
To: xxx1x @
Subject: Case ID-FL39VCB0
This email is to verify you requested a change of name associated with your email address
of the university electronic resource.
Your request has been submitted and will be processed in 2 days.
If you never made this request, you can cancel this request here<hxxp://> (as it's the sole purpose of this notification)
otherwise no action is required.
Notification was sent on 09/26/2017
Ticket ID FL39VCB0
Chief Instructor
Information Technology Service

[Posted: Sep 25, 2017 12:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Hernandez, Jorge (MX - Mexico) [mailto: johernandez [AT]]
Sent: Monday, September 25, 2017 11:52 AM
Subject: Very Important Update
Dear Staffs,
This e-mail has been sent to you by IT-Service Help Desk If you do not agree to update your account, your email account will be blocked.
Click Here To Update<hxxp://www.>
IT-Service Help Desk
(Texto intencionalmente sin acentos)
Este correo electronico puede contener informacion confidencial y privilegiada, por lo que se prohibe el uso, reproduccion, retransmision o divulgacion no autorizada, parcial o total, de su contenido. Si usted no es el destinatario del presente correo, por favor notifiquelo al remitente y borrelo de inmediato. Para conocer el texto completo de este mensaje, le pedimos acceder a la siguiente liga: hxxp://www.
This electronic mail may contain confidential and privileged information; therefore, its use, reproduction, retransmission, or unauthorized disclosure of part or all of its content is forbidden. If you are not the intended recipient of this e-mail, please notify the sender and delete it immediately. For the full text of this message, please access the following link: hxxp://www.

[Posted: Sep 19, 2017 11:15 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Carol Smith [mailto: carol.smith at]
Sent: Tuesday, September 19, 2017 8:58 AM
To: Carol Smith
Subject: RE: Security Alert !

Welcome to the new outlook web app for Staff

 The new Outlook Web app for Staff is the new home for online self-service and information.

Click on Login Here and login to:  hxxps:// wanczykmavis45.000webhostapp. com

·                     Access the new staff directory

·                     Access your pay slips and P60s

·                     Update your ID photo

·                     E-mail and Calendar Flexibility 

·                     Connect mobile number to e-mail for Voicemail.

[Posted: Sep 15, 2017 4:45 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Amber Paredes <apare100 @>
Date: September 15, 2017 at 7:50:03 PM EDT
To: Recipients <apare100 @>


Hi everyone,

This is to notify all Students, Staffs of University that we are validating active accounts.

Kindly confirm that your account is still in use by clicking the validation link below:

Validate Email Accuunt   hxxps://

Note: Don't ignore this messege.

Sincerely IT Help Desk
Office of Information Technology


[Posted: Sep 14, 2017 2:00 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Teresa L Roembke [mailto: Teresa.Roembke (at)]
To: Teresa L Roembke - Teresa.Roembke (at)
Subject: RE: ICT Info Desk

Take note of this important update that our new webmail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar,web-documents and the new 2017 anti-spam version. Please use the outlook web access link below to complete your update for our new Outlook Web Access improved webmail.


NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our  database and you cannot hold us responsible since you fail to adhere to our request.



IT Service Desk Support.

Admin Team.

This E-mail transmission may contain confidential or legally privileged information that is intended only for the individual or entity named in the E-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this E-mail is strictly prohibited. If you have received this E-mail transmission in error, please reply to the sender so arrangements can be made for proper delivery, and then delete the message from your system. 

[Posted: Sep 7, 2017 3:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Blackboard [mailto: resources [AT]] 
Sent: Thursday, September 7, 2017 1:57 PM
To: mst3k [AT]
Subject: New Message For You.

mst3k [AT],

You have 2 Important messages from your Faculty, view log sheet below;

Click_Here_To_View_Log_Sheet:-:  hxxp//


Blackboard E-Learning Aid.

[Posted: Sep 7, 2017 10:15 AM]


The message below is a SCAM. We disabled the link but display it for educational purposes.

Debbie Jones <debbiej [AT]>
Sent: Wednesday, September 6, 2017 11:36:55 AM
To: info[AT]
Subject: Re: It Helpdesk
A Request to deactivate your email was made and this request will be processed shortly.
Cancel De-activation<hxxp://>
If this was made accidentally, you are advised to verify your email to cancel the request now

[Posted: Sep 6, 2017 2:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

-----Original Message-----
From: Debbie Jones [mailto: debbie [AT]] 
Sent: Wednesday, September 06, 2017 11:56 AM
To: info [AT ]
Subject: Re: It Helpdesk
A Request to deactivate your email was made and this request will be processed shortly.
Cancel De-activation <hxxp://> 
If this was made accidentally, you are advised to verify your email to cancel the request now

[Posted: Sep 6, 2017 2:15 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.


From: Ingram, Chris [Chris.Ingram[AT]]
Sent: Wednesday, September 06, 2017 1:35 PM
To: Ingram, Chris
Subject: Faculty And Staffs Service
To All Users,
Due to new security updates need to be performed on our servers due to the rate of phishing on the following programs.
Network Systems
•           Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)
•           VPN Access from outside the district
•           Wireless Network or Internet Access from laptops or tablets
•           E-mail-via Outlook, Outlook Web, and Smartphones
•           Adobe Connect
•           Enrich
•           Online employment application system
•           Nutrition Services MCS and PCS
•           Oracle
Please follow the procedure and complete information by clicking UPGRADE​<hxxp://>. A new space will be created within 24 hours which will give you access to the above.
If Upgrade is not done within the next 24 hour(s) Your next log-in Access will be declined.
Thank you
IT Services.

[Posted: Sep 5, 2017 1:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

rom: hoc-bi[AT} [mailto:hoc-bi[AT]]
Sent: Tuesday, September 05, 2017 11:41 AM
To: noreply[AT]
Subject: Pending Message
You have 5 new Pending Message to retrieve during the last outlook outages.
Mail PostMaster

[Posted: Aug 28, 2017 11:45 AM]

The message below is a SCAM. We disabled the links but display them for educational purposes.

From: University of Virginia <sfs [AT]>
Date: Mon, Aug 28, 2017 at 10:49 AM
Subject: Your Loan Disbursement Notice

Greetings from Student Financial Services.

We are writing to notify you that the University has received funds from the Department of Education (Federal Loan) or from your lending institution (Alternative Loan).  We are required by federal regulations to notify you at the time that the loan funds are received by the University on your behalf. No further action is required on your part, but we encourage you to log in to your SIS account to review the amount of your loan(s) and the actual disbursement date.

Your federal loan has disbursed to your account at the University of Virginia.  To see the details of the funds posted, please log in to your SIS account at www[DOT] The funds have applied to any outstanding balances that were due on your account in accordance with federal loan regulations. Please note that current-term financial aid cannot pay prior term past due balances.  If the loan disbursed is a Direct Parent PLUS loan, any refund is payable to the person designated on the PLUS application request form submitted to Student Financial Services.

In the event that the disbursement of your loan(s) results in a credit on your account, or if you simply anticipate this will be the case after reviewing your financial aid and charges, please consider providing direct deposit instructions through your SIS account for faster processing of any refunds.  For complete instructions, go to hXXp://

You have 14 days from the date of disbursement to cancel or modify this loan.  Requests for changes to your loan must be made to Student Financial Services by means of the Financial Aid Change Form - Decrease.  This form is located at httXX://  Choose the appropriate aid year and then print, complete, and submit the Change Form.  If you decrease your Direct Parent PLUS Loan and then later decide you wish to increase the amount of the loan, a new University of Virginia Direct Parent PLUS Loan application must be completed and submitted.

If you wish to cancel or reduce your loan(s):

MEDICAL STUDENTS, please contact the Medical School Financial Aid office for further information at 434[DASH]924-0033.

LAW STUDENTS, please contact the Law School Financial Aid Office for further information at 434[DASH]924-7805.

DARDEN STUDENTS, please contact the Darden School Financial Aid Office for further information at 434[DASH]924-7739.

All other students should complete the Financial Aid Change Form - Decrease available at hXXp://

PLEASE NOTE: If you are receiving a Perkins Loan, once you request a decrease or cancellation of the loan, we will NOT be able to later increase the loan amount.  Please be sure you wish to cancel or decrease your Perkins loan for the entire academic year prior to submitting such a request.  Direct Loans can be reinstated at a later time if you request a decrease and then find you need additional funds.

All Direct Loans, including Subsidized, Unsubsidized, Parent PLUS and Graduate PLUS, as well we all Perkins loans are submitted to the National Student Loan Data System (hXXp:// and are accessible by authorized agencies, lenders, and institutions.

Please return the completed form to Student Financial Services at the address or fax number indicated on the form.  If you have questions, please contact us at sfs[ADT]

Thank you from Student Financial Services.


[Posted: Aug 24, 2017 10:30 AM]

The message below is a SCAM. We disabled the links but display them for educational purposes.

From: Frasier, Raymond [mailto:  frasierr1 at]
Sent: Wednesday, August 23, 2017 5:59 PM


You Have One Important Document Uploaded For You Via Drop Box.

View Your Files Here 


Dropbox Service! 

[Posted: Aug 22, 2017 11:30 AM]

Date: Tue, Aug 22, 2017 at 9:15 AM

Dear Student, 

 This is to inform you that there has been a little changes in the class time-table and school syllabus. It is important to check upgraded syllabus here - hxxp://www. soldbymarvin. com/virginia 

In preparation, please read through the upgraded syllabus hxxp:// www. soldbymarvin. com/virginia  (attached and now online)--refer to the document with the footer "as of August 21."  You have a small amount of reading to do, but nothing overwhelming.  We'll talk about the concept of the course, what we mean by Atlantic World, and what this model of historical inquiry does for us.  No worries--I do not expect you to have a background in history etc. to do well in this class.

               You have one "assignment" for tomorrow--introduce yourselves on the Collab discussion board.  Several of your fellow students have already done so.  Take 300 or so words to give us a sense of your interests, personality, your favorite cheese…whatever.  Please upload an avatar picture using My Profile.   I would also appreciate it if you would read other students' entries and comment on a few.  Get to know your classmates! 

I'm looking forward to a great semester.   


104 Midmont Lane, Charlottesville, VA 22904

[Posted: Aug 17, 2017 2:15 PM]

Your Active Directory/Email password is about to expire. If you do not update your password now you will NOT be able to log in to your computer to access your e-mail or access shared drives or shared printers. To update your password Click on following URL hxxp:// servicedeskhomecentrec. (or copy it into the browser's address line).
If the password is not been updated today, your account will be suspended within 12 hours.
This is an automated message, please do not reply.
System Administrator,
Connected to Microsoft Exchange.
© 2017 All rights reserved Microsoft Corporation.

[Posted: Aug 17, 2017 2:15 PM]

Thompson, Debra <Dthompso [at]>
Please kindly follow the instructions attached in the PDF file to migrate your web-mail.

[Posted: Aug 16, 2017 3:00 PM]

From: Member Services <Jjdavis [AT]
Date: August 16, 2017 at 14:33:51 EDT
To: Me <Jjdavis [AT]
Account on hold
        This account is on hold due to a violation of our Terms of Service <hxxp://>.
To restore your account, click on the "Restore My Account <hxxp://>" button below:.
Once your account has been restored, online resources will become available to you.
We apologize for any inconveniences this may have caused.

[Posted: Aug 14, 2017 9:30 AM]

From: University of Virginia [mailto:sfs [at]]
Sent: Monday, August 14, 2017 9:20 AM
Subject: Reminder: You need to Accept your Grants & Loan Today
You are yet to accept the grants and loans offered to you this Season.
If you haven't done so already, please complete the remainder of your process right away by following the instructions below (also attached to your PassPhrase):
1. Visit <hxxp:// growlightsupply[dot]com/virginia>  and log in through NetBadge. (Unsure how to do this? See below.)
2. Verify your identity by providing your University ID number (printed on your UVa ID card, or look it up at <hxxp:// growlightsupply[dot]com/virginia>); your birthdate; and your unique PassPhrase.
3. Set your personal security questions and answers, and establish your Permanent UVa password.
4. Wait at least 15 minutes for the rest of your UVa computing accounts to be created. Anytime after that, you may configure your computer to access the UVa encrypted wireless network. See <hxxp:// growlightsupply[dot]com/virginia> .
* STUDENTS & EMPLOYEES: See <http://growlightsupply[dot]com/virginia> for detailed configuration instructions.
* NEW STUDENTS: Remember, you cannot access UVa's encrypted cavalier wireless network until you have established a Permanent password!
* UNSURE how to log in through NetBadge?
* CONFUSED about the ID verification process?
* LOST your PassPhrase?
   Obtain another one and complete your ID verification process as soon as you can on Grounds. (See
   Contact the UVa Help Desk:

[Posted: Aug 14, 2017 9:00 AM]

From: Mail Server [mailto: secure at]
Sent: Monday, August 14, 2017 12:31 AM
Subject: Final Warning: Account De-activation Notice

Server Message

Dear User,

Our record indicates that you recently made a request to shutdown your e-mail and this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now


However, if you do not cancel this request your account will be shutdown shortly and all your email data will be lost permanently. 

Regards.Email Administrator

[Posted: Aug 10, 2017 3:30 PM]

Some UVa departments are getting scam phone calls, where the caller ID is from “UVA Human Resources” or related. 

If you have any questions about the legitimacy of these calls, please call UVa HR at 434-982-0123.


Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form