Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jan 17, 2018 3:45 PM]

Your email account can not be automatically upgraded to the new e-mail 8.7. Please sign in Sign In<hxxp://www.lombexpert.ru/components/com_content/microsoft/Office365/> to avoid losing access to your webmail email account
 
We regret any inconvenience.
Email Management System Copyright 2018

[Posted: Jan 12, 2018 10:30 AM]

Important information from Outlook App   Web Access  Security Service.
Beginning from Today  Thursday ,  January 11. 2018 (EDT) , your webmail sign on page with Outlook App    Web Access  will be changing! We are preparing for an email upgrade, However, to avoid losing  access  to your email account   LOGIN   now   

hxxp:// www. electroglew.com.ar/ components/com_contact/webmail/

Thank you for choosing  Outlook App   Web Access   l  for your communication needs. We value you as our customer.

Thank You

Outlook App   Web Access  Security Service Team®  

[Posted: Jan 10, 2018 9:30 AM]

Hi uva login @ virginia.edu,

You are running low of data volume (87% Storage Low).

Avoid account malfunction, and retrieve pending mails from clicking on the below link

FREE AND ADD MORE STORAGE hxxp://aretemechanical.com/.upd/all1/index.php?

We will not be responsible for any mail malfunction or account locked up if after this warning no response from you.

Sincerely,
© 2017 Mail Team 

[Posted: Jan 8, 2018 12:15 PM]

Spectre and Meltdown are vulnerabilities in the Intel processor chip that is installed in most computers, smartphones, and other computing devices. As of January 8, 2018 we have not seen any successful attacks. Nevertheless, it is important to protect your data and computers. The primary protection against this particular attack is patching/updating your devices, but check with your LSP first, and review these best practices <https://security.virginia.edu/tips-and-tools>.

 

[Posted: Dec 27, 2017 12:00 PM]

Hi,abuse[at]virginia.edu
 
The password for your University Of Virginia Account, *********, was recently changed.
 
If you made this change, you're all set.
 
If not, please take these steps to secure your account:
Click here to recover your account.
Visit your Account Information page to review your account recovery data on file.
 
University Of Virginia

 

[Posted: Dec 11, 2017 8:30 AM]

Wp-Login
 
 We've suspended Wordpress script on your website, if you want to re-active it again clcik on Re-active using the button below. We will review the suspension and either remove it We take our Terms of Service very seriously and act on all information we receive in order to investigate potential breaches. Since we want WordPress.com to be a pleasant and safe environment for all of our valued users, our terms are enforced on a daily basis.
 
Re-active [hxxp://ldsups.com/css]
 
Helpful reminder: At any time, log into your account with your , Username, or your email address.
 
   From your pals at WordPress.com
60 29th St. #343, San Francisco, CA, 94110

[Posted: Dec 8, 2017 4:00 PM]

From: Astorga, Jacquilynn L. (jla9s)
Sent: Friday, December 08, 2017 4:02 PM
Subject: New
 
You have (3) Important Unread Messages From the mail, click here<hxxp://gtpnus.bid/a/office/> to open and read
 
Sincerely!
The University of Virginia

[Posted: Dec 7, 2017 2:45 PM]

Sent: Thursday, December 07, 2017 1:21 PM
To: Recipients <blstppv[AT]brunel.ac.uk>
Subject: Blackboard
 
Dear Blackboard Member, 
 
You have one unread message in your Blackboard area 
 
click here <hxxps://tinyurl.com/y7jhz6lf> to read now 
 
Sincerely, 
Blackboard Administrator.

[Posted: Dec 5, 2017 2:00 PM]

From: waditech[AT]lp.linkdatacenter.net [mailto:waditech[AT]lp.linkdatacenter.net] On Behalf Of xxx@virginia.edu
Sent: Monday, December 04, 2017 11:42 AM
Subject: RE : [ Summary Report ] Updated and account submited to reset your Logged in password [ Services Code-2772]
 
Dear Customer
 
For your protection, your Apple ID is automatically disabled.
We have prevented an unusual sign in attempt on your Apple account. This may have been because you're signing in from a new location or from a different device. Please review the sign in details below:
Your account access has been locked for the following reason(s):
 
* We check your account  login with other device.
* Your account has been locked until this issued has been resolved we will waiting for 1 week or your account has been disabled permanently.
 
What to do Next:
Please Click the login button below to your Apple account and provide the requested information before: 1 week: through the Account Review, If we don't receive the information before this deadline, Your account access may be further locked permanently.
 
LOGIN <hxxp://ow.ly/ozGJ30h01um>
 
This email was intended for ,.
 
Copyright � 2017 Apple Inc. All rights reserved.

[Posted: Dec 4, 2017 9:00 AM]

Dear Student / Staff,
Access to your University Email Account (UEA) will expire and be disabled within
24hours due to system upgrade.
Kindly validate and upgrade your account to retain your email address.
Click Here
Edward Zawacki
Chief Information Security and Privacy Officer

[Posted: Nov 14, 2017 12:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: jq23fl @ virginia.services
Date: November 14, 2017 at 8:45:52 AM EST
To: mcp4n @ virginia.edu>

Good morning, Mary

I hope you had a good vacation to Disney World. I look forward to seeing your pictures of the mouse.

I complied the performance review data for all UVA employees. The data did correlate as you suspected.

Please let me know if you have any questions or want me to run a different report.

Link to the file: hxxps://virginia.box.com/n/e46d69abde01f581f79cd4ec029a8469

Thank you,
John

Virginia HR Specialist 

[Posted: Nov 14, 2017 12:30 PM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: rikki-maria@ clear.net.nz  On Behalf Of @virginia
Sent: Tuesday, November 14, 2017 12:23 PM
To: info @ mail.com

Hello,

There  is a congestion on our database. We are currently de-activating inactive Virginia webmail. Kindly confirm your Virginia webmail is still active with the link below; hxxps://webaccessverification.yolasite.com/

Copyright (c) 2017, University of Virginia. All rights reserved.

[Posted: Nov 10, 2017 10:00 AM]

--------------- Original Message ---------------
From: Bobby Clifton [bobby_clifton[at]mednax.com]
Sent: 11/9/2017 8:09 PM
To: 
Subject: IMPORTANT: VIEW THE DOCUMENT
 
This message was sent securely by Mednax<hxxp://www.mednax.com/>
 
 
Hello,
I've been trying to send you this, I uploaded it using dropbox as I'm having problems with attachments. Document Attached Access it via Dropbox and the file is secured and you will need to login with your email to access it. .
 
 
www.dropbox.com <hxxp://jobradshaw.co.uk/Su/Val/>
 
Dropbox Service!
Regards.
 
 
 
 
This message was secured by Zix<hxxp://www.zixcorp.com>®.
ref:_00D36ouwd._50036MTRYo:ref

[Posted: Nov 9, 2017 9:30 AM]

From: nuria.lorenzo[at]ub.edu <nuria.lorenzo[at]ub.edu>
Sent: Thursday, October 26, 2017 6:25 AM
To: Recipients
Subject: Important information..
 
 
[cid:embedding-0]
 
Your password will expire within 2 days and we discover an unusual ip access unknown (120.612.105.108) on our database computer.
Outlook Web Access automatically cleans itself to ensure that your account is protected against unauthorized access to your mailbox. CLICK HERE<hxxp://beam.to/j-campuse-mail>  to prevent deactivation.
 
System Administrator.
 
 
Aquest correu electrònic i els annexos poden contenir informació confidencial o protegida legalment i està adreçat exclusivament a la persona o entitat destinatària. Si no sou el destinatari final o la persona encarregada de rebre’l, no esteu autoritzat a llegir-lo, retenir-lo, modificar-lo, distribuir-lo, copiar-lo ni a revelar-ne el contingut. Si heu rebut aquest correu electrònic per error, us preguem que n’informeu al remitent i que elimineu del sistema el missatge i el material annex que pugui contenir. Gràcies per la vostra col·laboració.
 
Este correo electrónico y sus anexos pueden contener información confidencial o legalmente protegida y está exclusivamente dirigido a la persona o entidad destinataria. Si usted no es el destinatario final o la persona encargada de recibirlo, no está autorizado a leerlo, retenerlo, modificarlo, distribuirlo, copiarlo ni a revelar su contenido. Si ha recibido este mensaje electrónico por error, le rogamos que informe al remitente y elimine del sistema el mensaje y el material anexo que pueda contener. Gracias por su colaboración.
 
This email message and any documents attached to it may contain confidential or legally protected material and are intended solely for the use of the individual or organization to whom they are addressed. We remind you that if you are not the intended recipient of this email message or the person responsible for processing it, then you are not authorized to read, save, modify, send, copy or disclose any of its contents. If you have received this email message by mistake, we kindly ask you to inform the sender of this and to eliminate both the message and any attachments it carries from your account. Thank you for your collaboration.

[Posted: Nov 9, 2017 9:30 AM]

From: Keyanna Dawson <kdawson[at]kcpublicschools.org>
Sent: Monday, October 23, 2017 4:46 AM
Subject: University of Virginia Office 365 Web Access Central Sign On Authentication Help Desk
 

This is your final warning.Your University of Virginia Office 365 Web Access Email has exceeded its Quota limit Click  Office 365 Online Account Validate to sign in for upgrade and advance mailbox features OR you will be deactivated permanently and you may not be able to send or receive new mail until you re-validate your University of Virginia Office 365 Web Access.

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing asafer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more Click Here.

 

[Posted: Nov 8, 2017 2:00 PM]

-----Original Message-----
From: rikki-maria[at]clear.net.nz [mailto:rikki-maria[at]clear.net.nz] 
Sent: Wednesday, November 8, 2017 1:46 PM
To: info[at]mail.com
Subject: Web Access
 
Hello, Your @virginia email account has being logged in from an unfamiliar location. Kindly verify your @virginia E-mail account with the link below before you log-in to avoid de-activation.  
 
hxxps://webaccessverification.yolasite.com/

[Posted: Nov 7, 2017 3:45 PM]

--------------------------------
Request Confirmation: 65189W5G64H2
--------------------------------
Date: 11/07/2017
--------------------------------
 
 We hereby inform you that the University of Virginia has queued all email addresses in her database for validation. The reason for this is to sort out all inactive emails from the database and suspend access to them or deactivate them. Therefore, if you know that your email address is still active, please click here and login for your e-mail account to be marked as active. Subsequent information will be passed on to you after successful logon.
 
 Remember, we shall pass this message around a few times and afterwards suspend access to email addresses which are not verified and will terminate this service to quarantine this activity.
 
 
-----------------------------------
Help Desk and Compliance Officer.
Mail Administration | IT Solutions.
 
 
 © 2017 BY THE RECTOR AND VISITORS OF THE UNIVERSITY OF VIRGINIA.
 
 
---
This email has been checked for viruses by Avast antivirus software.

[Posted: Nov 6, 2017 3:45 PM]

From: Microsoft Office 365 [mailto:simzak[at]hughes.net]
Sent: Friday, November 03, 2017 11:12 AM
To: teresa.ochoa[at]erau.edu
Subject: Your Email Account has been suspended
 
 
Your Microsoft Account has been suspended.
 
 
 
 
On Friday, November 3, 2017 12:01 AM GMT, we noticed security concerns on your email. your email have been reported performing illegal activities such as sending spam mails.
 
If this is your account please sign in from your regularly used device to avoid your account from being suspended.
 
Please visit the resolve link to stop this problem.
 
Resolve Now<hxxp://akarsujewellery.com/zoom/index.html>
 
Note: If this process is not completed within 24-48 hours we will be forced to disable your Microsoft account as it may have been used for fraudulent purposes.
 
Sincerely,
The Microsoft Directory Team
 
 
 
 
 
Microsoft Corporation | One Microsoft Way Redmond, WA 98052-6399
 
This message was sent from an unmonitored email address. Please do not reply to this message.
 
Privacy <http://akarsujewellery.com/zoom/index.html> | Legal <hxxp://akarsujewellery.com/zoom/index.html>
 
Disclaimer
 
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
 
This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more visit the Mimecast website.

[Posted: Nov 6, 2017 3:30 PM]

-----Original Message-----
From: EDU USER [mailto:mounchick5[at]q.com] 
Sent: Monday, November 6, 2017 2:53 PM
To: amtaul001[at]hotmail.com
Subject: Re:-----
 
Dear Edu  User,
 
We noticed a unsuccessful sign in to your edu account  from an unrecognized device. If this wasn't you, click the link to Login to verify.
 
hxxp://onedrive.live.com/survey?resid=649DA229635D960C!107&authkey=!AOSTDh04JxYCCqc
 
Unlock your account to protect your Mail.
 
Thanks

[Posted: Oct 26, 2017 11:00 AM]

The message below is a SCAM. We disabled the link but display it for educational purposes.

From: Keyanna Dawson [kdawson @ kcpublicschools.org]
Sent: Monday, October 23, 2017 4:43 AM
Subject: University of Virginia Office 365 Web Access Central Sign On Authentication Help Desk

This is your final warning.Your University of Virginia Office 365 Web Access Email has exceeded its Quota limit Click  Office 365 Online Account Validate <hxxp://fsvirginiaedu.weebly.com> to sign in for upgrade and advance mailbox features OR you will be deactivated permanently and you may not be able to send or receive new mail until you re-validate your University of Virginia Office 365 Web Access.

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more Click Here.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form