
Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Oct 15, 2019 4:03 PM]

From: Eric Clarke <spares[at]chfm.com.au>
Sent: Tuesday, October 15, 2019 11:00 AM
To: User, Typical S (mst3k[at]virginia.edu)
Subject: Documents

As discussed, please see attached a copy of your documents, please can you sign and scan these back to me as soon as possible
Download form Microsoft OneDrive:
hxxps://onedrive-download.com/?6BotK2aCiQijMNNAAZUelUXd18IuAS12Asa4s24zuOz6so0Os-adc6r@virginia.edu-xHAD

Please let me know if you have any questions

Kind Regards,

Eric Clarke

[Posted: Oct 14, 2019 5:53 PM]

 

A recent rash of emails to UVa users purports to come from your own account, as if it has been hacked, and demands payment in Bitcoin.

THESE ARE A HOAX.

Just delete them.

The scammer does NOT have control of your email, nor do they have incriminating videos. Because Internet email is an open protocol, the scammer can make it APPEAR as though the email came from you, to you. They can also make it appear as though they have control of your Sent mail folder. Again, this is a ruse.

You do not need to forward these scams (that usually start with "I have bad news for you") to IT-Security or Abuse.
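A header check a mail administrator could run on one of these "from you, to you" messages, as an added example that is not part of the original UVA alert. The addresses, the `mx.example.edu` server name, the function names and both sample messages are constructed for illustration.

```python
import email
import re
from email.utils import getaddresses, parseaddr

# Constructed sample: a "from you, to you" extortion email as stored by the receiving server.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.edu; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.edu
From: user@example.edu
To: user@example.edu
Subject: I have bad news for you

(body omitted)
"""

# Constructed sample: a note the user really mailed to themselves.
GENUINE = """\
Return-Path: <user@example.edu>
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=example.edu; dkim=pass header.d=example.edu; dmarc=pass header.from=example.edu
From: user@example.edu
To: user@example.edu
Subject: reminder

(body omitted)
"""

def auth_results(msg, trusted_authserv):
    """Parse spf/dkim/dmarc verdicts, but only from a header our own server stamped."""
    parts = (msg.get("Authentication-Results") or "").split(";")
    if parts[0].strip().lower() != trusted_authserv:
        return {}  # forged or foreign header: treat as no verdict at all
    found = (re.match(r"\s*(spf|dkim|dmarc)=(\w+)", p) for p in parts[1:])
    return {m.group(1): m.group(2).lower() for m in found if m}

def assess(raw, trusted_authserv="mx.example.edu"):
    msg = email.message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addrs = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    env_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    auth = auth_results(msg, trusted_authserv)
    findings = []
    if from_addr and from_addr in to_addrs:
        findings.append("self-addressed")      # the display trick the scam relies on
    if env_from.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        findings.append("envelope-mismatch")   # SMTP sender is a different domain
    if auth.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")      # From: domain was not authenticated
    spoofed = "self-addressed" in findings and len(findings) > 1
    return {"from": from_addr, "findings": findings, "likely_spoofed": spoofed}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw))
```

The `From:` line alone proves nothing about who sent a message; the envelope sender and the authentication verdict recorded by your own mail server are what separate the hoax from mail the user actually sent.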

 

[Posted: Oct 11, 2019 4:14 PM]

From: Glover, Keith P <GloverKP[at]alfredstate.edu>
Sent: Friday, October 11, 2019 2:09 PM
To: mst3k[at]virginia.edu
Subject: Paperworks

 

 

 

Attention,

You have an encrypted Sharepoint shared file tagged "Paperworks" sent from Keith Glover

 

 

Your feedback is highly appreciated.

Sincerely,

Keith Glover 

Assistance Director

Stevenson University

 

 

1525 Greenspring Valley Rd, Stevenson, MD 21153

[Posted: Oct 9, 2019 12:05 PM]

From: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Sent: Wednesday, October 9, 2019 11:41 AM
To: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Subject: Re: NEW EMPLOYEE SERVICE

________________________________
From: Marlene Matou
Sent: Wednesday, October 9, 2019 9:05 AM
To: Marlene Matou
Subject: NEW EMPLOYEE SERVICE

ALL STAFF ;

 This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness.  These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW EMPLOYEE SERVICE<hxxps://schedulepayroll.000webhostapp.com/> to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.

Thank you,
ITS Service Desk.
(C) 2019

[Posted: Oct 9, 2019 8:41 AM]

mst3k[at]virginia.edu
You have new held messages
Important:  
You have one or more new messages waiting. Some of these messages are listed below, as well as actions that can be taken:
This message (s) was blocked by your falconmsl.com administrator because of a validation error. After 7 days, the pending messages will be automatically deleted.    

You can also manage held messages in your Personal Portal.

Recipient: mst3k[at]virginia.edu
 Fwd: MT 103 SWIFT from INFO@.... [ANZ]
 2019-08-26 06 :17 Release     Block   
    
 Recipient :
 mst3k[at]virginia.edu
 anar, your Enterprise Plus August eStatement 2019-08-26 06 :17 Release     Block   
    
 Recipient:  
mst3k[at]virginia.edu
 A & M Company (SWE40030) totaling $ 37060.65 - SE.SO-00005875 2019-08-26 06:17 Release      Block   
    
    
 
    
 
    
    
    
    powered by:[[-Domain-]] Administrator
 
    
© 2003 - 2019
    
    

 
 
 Disclaimer
 
 The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents

[Posted: Oct 6, 2019 10:53 PM]

From: Charlotte Aiden <paula.goncalez[at]ufes.br>
Sent: Thursday, October 3, 2019 7:04 PM
Subject: Attention

Dear user, It have been detected that your account is causing traffic on our server and we have made some changes on your account, kindly click to confirm<hxxps://sibforms.com/serve/MUIEAOJ_BeOITkBk8g8ghSY1gwG7tHOF7nRrqyRhIGNCwmJqS7kbwzPntKa4f2BFBTsTHE7Cq4p0xpBDjt89wSuukY7n5WnYE-D54EwacEJlu3kHsjj_jXfdRAHxdnMRqbCTO_wWcLVO9ZOrzWh-LkQhv5vWJRc4J_dYshmaoQcftnK8Vd52wz1SUKntkcFQCfNJtmZPlO74FMCD> immediately or your account will be disable.

We are sorry for the inconvenience.

Regards,

Email service provider.

[Posted: Oct 3, 2019 8:42 AM]

From: Stefanie Morris <smorris[at]perrymemorial.org>
Date: Thursday, October 3, 2019 at 5:17 AM
Subject: ITS Help-Desk

EXTERNAL EMAIL: Do not click any links or open any attachments unless you trust the sender and know the content is safe.

Dear  Staff/Employees,

We are migrating all email accounts into Outlook Web App 2019 and as such all active Account Holders are to validate their Email for upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Click Validate Account<hxxp://owa-upgrade.moonfruit.com/> to migrate and block further Spam mails.

ITS Help-Desk
Office of Information Technology Services (ITS)

Stefanie Morris
Education Assistant
Perry Memorial Hospital, 530 Park Avenue East
Princeton, IL 61356
815.876.2085 (ph) 815.876. (fx)
www.perrymemorial.org<hxxps://www.perrymemorial.org>

[Image removed by sender. Perry Memorial Hospital]

* NOTICE OF CONFIDENTIALITY
This electronic message and all attachments may contain information that is confidential or legally privileged. It is intended only for the use of the individual or entity named as the recipient of the message. If you are not the intended recipient of this message, you are hereby notified that any disclosure, copying, distribution (electronic or otherwise), forwarding or taking any action in reliance on the contents of this information is strictly prohibited.
If you have received this telecopy in error, please notify the sender immediately and delete the material from all computers which may have received it.

[Posted: Sep 30, 2019 1:40 PM]

From: John Unsworth <john.unsworth0106[at]gmail.com>
Sent: Monday, September 30, 2019 1:27 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: URGENT REQUEST

Available?

[Posted: Sep 30, 2019 9:21 AM]

From: Sandra Steckler <sandra.steckler[at]ndus.edu>
Sent: Friday, September 27, 2019 10:02 AM
To: User, Typical M (mst3k) <mst3k[at]virginia.edu>
Subject: Paper-Work

[Image removed by sender.]

 

You have received a secured document via Microsoft Sharepoint 2019.

 

Sender's Name: Sandra Steckler

Document Type: PDF

Tags: Paper-Work

VIEW DOCUMENT <hxxps://docs.google.com/uc?export=download&id=1hBYYYHO-OXjRvgeKBhuXJkDuV-oowyYw>

ASKING QUESTIONS

Nam sodales venenatis blandit pellentesque.

[Posted: Sep 30, 2019 8:36 AM]

From: Маринченко Вікторія Валентинівна <Viktoriia.Marynchenko(at)kmda.gov.ua>
Date: September 30, 2019 at 5:58:57 AM EDT
To: "No-reply(at)microsoft.net" <No-reply(at)microsoft.net>
Subject: A lot of your incoming messages has been suspended



MICROSOFT VERIFICATION NEEDED

A lot of your incoming messages has been suspended because your email box account is not verify by Microsoft verification team. In order to receive your messages do verify<hxxp://3rr3.000webhostapp.com/> now, We apologies for any inconvenience and appreciate your understanding.

Thank You.

Microsoft Verification Team

Copyright © 2019 Webmail .Inc . All rights reserved.

[Posted: Sep 25, 2019 10:28 AM]

From: Davis,Kathy <KDavis[at].skylakes.org>
Sent: Wednesday, September 25, 2019 10:12 AM
To: Davis,Kathy <KDavis[at].skylakes.org>
Subject: RE: ITS-HELP DESK

 

 

Validate Your Outlook Web-mail Account.

We have been experiencing series of phishing mails in recent weeks. In view of this risk, the IT Department is requesting that all web-mail Users must Re-validate their Outlook Account to Update and block further spam mails. You are requested to Re-validate your account to block mail phishing and increase the efficiency of your web-mail. 

 

  • Kindly Click  Update Now   and validate your web-mail account for Update.

 

We apologize for any inconvenience

Ensuring Cyber security is our priority 

 

ITS-HELP DESK/SUPPORT

© Copyright 2019 Web-Mail
All right Reserved.

[Posted: Sep 25, 2019 9:49 AM]

From: mst3k[at]virginia.edu
Date: Wed, Sep 25, 2019 at 9:31 AM
Subject: Ooopss: msw2s@virginia.edu was hacked.
To: <mst3k[at]virginia.edu>

Hello,

My name is Jeanson Ancheta - The famous Ancheta.0j0x on the darkweb!
I am an experienced software developer and I am the best hacker.

10 months ago, I hacked this email address. You can check it. I am sending
this email from your email address now. (mst3k[at]virginia.edu)

I injected my code to this device and I started to monitor your activity.
My first idea was to block and encrypt your files. And than I would ask for
a small fee to release them back. But than one day, You visited some dirty
websites. You know what I mean naughty thing. And I silently activated your
front camera and recorded You. Yes! You were playing with yourself. What a
funny video.

Now, I stole contact list of yourself. I have all the friends list. A lot
of information is downloaded to my system.

I am asking from you a small fee of 700 USD. If you don't pay, all the
naughty screen videos will be sent to your friends and family.
I will distribute them to everywhere. I spent a lot of time monitoring you.
This is the cost of my time.
I promise that I will delete these files as soon as I receive the payment.
I don't need it.

Send the amount to my bitcoin address:
1D3JysW6LPfKg9uX7T32nLVZarxP

I give you 36 hours to complete the transfer. When you open that message, I
will know it and the countdown starts.

Be smart, do not ignore me! Do not click on every link you see. Always use
stronger passwords on the internet. Never trust anybody!

Good Luck
Your time has already started...

[Posted: Sep 23, 2019 12:58 PM]

From: HELP DESK [nicioesoa[at]outlook.com]
Sent: Monday, September 23, 2019 12:01 PM
Subject: Invoice 748393

Hello,

Here's your medical subscription invoice

View your bill: INV-748393<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>

The amount will be debited from your credit card on 30th September 2019.

Need help updating your payment details or understanding how our medical bills work? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need help with your online subscription invoice? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need a question answered about your medical bill? Ask it here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>

Regards,
The Medical Billing Team
INFORMATION HELP DESK

[Posted: Sep 23, 2019 11:19 AM]

From: Typical User <office_356[at]precisiontruck.com>
Reply-To:
Typical User<office_356[at]precisiontruck.com>
Date: Monday, September 23, 2019 at 10:32 AM
Subject: quick task

 

Hello, i need you to run a quick task for me please, are you available?

[Posted: Sep 20, 2019 3:30 PM]

-----Original Message-----

From: fbrushizdzislaw@mail2gina.com <fbrushizdzislaw@mail2gina.com>

Sent: Friday, September 20, 2019 1:25 PM

To: UVA User (mst3k) <mst3k@virginia.edu>

Subject: Your personal data is at risk. Change passwords now!

 

Hello!

 

I am a representative of the WannaCry hacker group.

In the period from 24/06/2019 to 15/09/2019 we got access to your account mst3k@virginia.edu by hacking one of the virginia.edu mail servers.

 

You already changed the password?

Sumptuously! But my program fixes this every time. And every time I know your new password!

 

Using access to your account, it turned out to be easy to infect the OS of your device.

 

At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.

All this information is already stored with us.

 

We are also aware of your intimate adventures on the Internet.

We know that you adore adult sites and we know about your sexual addictions.

You have a very interesting and special taste (you understand what I mean).

 

While browsing these sites, your device's camera automatically turns on.

Video-record you and what you watch is being save.

After that, the video clip is automatically saved on our server.

 

At the moment, several analogy video records have been collected.

From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.

 

If you do not want this, transfer 700$ to our Bitcoin cryptocurrency wallet: 1

xxxx2byutpYf1xpH8fR4qBj4833x289wnw-w-wt94rSr8X

I guarantee that we will then destroy all your secrets!

 

As soon as the money is in our account - your data will be immediately destroyed!

If no money arrives, files with video and correspondence will be sent to all your contacts.

 

You decide... Pay or live in hell out of shame...

 

We believe that this whole story will teach you how to use gadgets properly!

Everyone loves adult sites, you're just out of luck.

For the future - just cover a sticker your device's camera when you visit adult sites!

 

Take care of yourself!

[Posted: Sep 17, 2019 12:22 PM]

From: ADMIN TEAM <janis[at]ntpie.lv>
Reply-To: "noreply@ntpie.lv" <noreply[at]ntpie.lv>
Date: Tuesday, September 17, 2019 at 12:09 PM
To: Recipients <janis[at]ntpie.lv>
Subject: MAIL VERIFICATION.

This is a courtesy notice from Admin Team, your account has been limited and will be disconnected after 48 hours.

To avoid exceeding quota and continue receiving emails, please click on VERIFY EMAIL below( Mail Quota) .

VERIFY EMAIL<hxxps://fouchad.ml/edu/edu/o/index.php>

We apologize for any inconvenience and appreciate your understanding.

Thanks,

 Web - Services 2019.

[Posted: Sep 16, 2019 11:14 AM]

From: IT - Service <ynobuko[at]med.kyushu-u.ac.jp>
Sent: Monday, September 16, 2019 4:04 PM
To: user-1@[at]alid.edu
Subject: Re: Validate

 

You have reached the storage limit of your mailbox. Please visit the link below to restore access your email. To validate, click here<hxxps://ee54567.wufoo.com/forms/s1l3u1gl1rvyq7y/> Webmaster Webmail system

[Posted: Sep 16, 2019 9:11 AM]

________________________________
From: Microsoft Support <office365-team[at]verification.microsoft.com>
Sent: Friday, September 13, 2019 5:58 PM
To: User, Typical S (mst3k)
Subject: Your account will shut down in 48 hours

[hxxp://bit.yt/HxJTqQgxv]<hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office>
Your Office365 access will be removed in 24 hour "account will be blocked"

 

if you do not verify your mailbox, we will be force to block your account in 24H
if you want to continue using your email account please Verify

Verify Now

<hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office>Microsoft Security Essentials

 

 

Microsoft Teams office 365    <hxxp://onmicrosoft-auth.dns.navy/office-365-microsoft/login-onmicrosoft-office> all rights reserved © 2019

[Posted: Sep 4, 2019 4:02 PM]

From: Microsoft Secured Service <office365-contact-supports[@]noreply.offices365.microsoft.com>
Sent: Wednesday, September 4, 2019 12:16 PM
To: Typical User (mst3k) <mst3k[@]virginia.edu>
Subject: Your account has been tepmorarily suspended
 

Your account has been temporarily suspended

We are unable to verify your account Office365 or Your account will be blocked.

as a result your account will not renew and will be suspended.
if you'd like to renew your email ,please fill out the account verification form at least
24 hours from now , if you don't verify your informations your account will be suspended.

please do not respond to this email as replies are not monitored.

Verify account

Microsoft Security Essentials

Microsoft Teams office 365     all rights reserved © 2019

[Posted: Aug 26, 2019 3:48 PM]

From: Admin <tst5138[at]psu.edu>
Sent: Friday, August 23, 2019 9:30 PM
To: Recipients <tst5138[at]psu.edu>
Subject: Sent you a new Document

Hello,
You Have One Important Document Uploaded For You Via OneDrive.

www.onedrive.com<hxxp://complotsystem.org/gd.htm>

OneDrive Service!
Regards.
