Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Feb 21, 2019 1:56 PM]

From: Tian, Xue (xt8jx)
Sent: Thursday, February 21, 2019 12:48 PM
To: User, Typical (,st3k) <mst3k[at]virginia.edu>
Subject: UVA Career Jobs Available !!!

Hello,

Are you interested in working as an  Executive Assistant on part-time basis?

Job Type: Part-Time Job
Pay:$300 weekly
Hours: Average of 10hrs weekly

This position will be home-based and flexible part time job, You can be working from home, School or any location in the USA. Click here<hxxps://form.jotform.com/90514696903261>  to start your online application.

[Posted: Feb 20, 2019 10:58 AM]

From: Craig H Benson <engrdean.virginia.edu[at]gmail.com>

Date: February 20, 2019 at 3:55:41 AM EST

To: mst3k[at]virginia.edu

 

 

Are you available ? i will be going to a meeting with limited phone calls, Keep an eye on your e-mail. How close are you to a store ?

 

Craig H. Benson, PhD, PE, NAE

Dean, School of Engineering and Applied Science

Thornton Hall, Rm A124

Office of the Dean

351 McCormick Road

P.O. Box 400246 

Charlottesville, VA 22904

Phone: 434-924-3593

engrdean[at]virginia.edu

[Posted: Feb 19, 2019 12:14 PM]

________________________________
From: Long, Judith
Sent: Tuesday, February 19, 2019 8:18 AM
Subject: Email Security Gateway

Dear ID Holder,

You are requested to update your account to avoid further mail phishing which goes around your account as instructed by the ICT department kindly click on ICT Technical Support<hxxps://facultyandstaffmailboxcleanup.bookmark.com/helpdesk> to avoid mail termination.

Regards,
ICT Team,
Outlook Services for Staff and Internet services.

[Posted: Feb 18, 2019 1:40 PM]

From: Branch, Garland Thomas (mst3k) <mst3k@virginia.edu>
Sent: Monday, February 18, 2019 1:37 PM
Subject: Urgent Uva Email Verification!

We just Notice that your  UVA email account was log on to another Computer from different Location and you are to Verify your Personal identity to restore your Spam filter so you could start sending and receiving mails. To upgrade your quota now, you need to Click here<hxxps:<slash><slash>uvaemailverification.godaddysites.com/> to login and restore your email .:
Thank you.
Security Alert Office.
Thanks for your anticipated co-operation, Upgrade Team.

[Posted: Feb 18, 2019 1:07 PM]

From: Bridges, Paige (mst3k) <mst3k@virginia.edu>
Sent: Monday, February 18, 2019 12:52 PM
Subject: Uva Email Tarmination!

Our record indicates that you recently made a request to terminate your Toppermail Account.  And this process has begun by our administrator.

If this request was made accidentally and you have no knowledge of it, you are advised to verify your account.

Please give us 24 hours to terminate your account OR verifying your account

CLICK  HERE<hxxps:<slash><slash>uvaemailverification.godaddysites.com/>  TO VERIFY

Failure to Verify will result to closure of your account.

Notice from IT Help Desk.

Privacy Policy | (c) 2019 Liberty University. All rights reserved

[Posted: Feb 12, 2019 8:17 PM]

From: Gammon, Shandra Eileen (seg5h) <seg5h@[at]virginia.edu>
Sent: Tuesday, February 12, 2019 3:14 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: UVA Internship And Job Positions Available

Hello  are you looking for a part-time job or an internship while taking classes? DATON LAMINA INC. is currently seeking for workers to occupy the following job positions below.

*Data Entry Clerk
*Data Analyst
*Accounting Clerk Bookkeeper
*Accounting Executive
*Clerical Administrative
*Payroll
*Medical billing
*Administrative Assistant

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.

This positions are home-based and flexible part time job, You can be working from home, School or any location in the USA.  Click here<hxxps://form.jotform.com/90422374490152>  to start your online application.

[Posted: Feb 8, 2019 11:27 AM]

From: Massey
Sent: Friday, February 8, 2019 10:31 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Scammer, Evil (xyz1a) invoice

Dear,
This is to inform you that there is still an outstanding payment of $521.
We would appriciate it if this could be settled till Monday.

I have attached the current invoice link<hxxp://tauhid.staf.unis.ac.id/yiTfS_Jl4iu-KVxZ/fJx/Information/2019-02> and the password for the document<hxxp://tauhid.staf.unis.ac.id/yiTfS_Jl4iu-KVxZ/fJx/Information/2019-02> is: 717468.

Thanks,

Scammer, Evil (xyz1a)

O: 988-398-0141 / 988-398-1965
M: 988-398-7252 / 988-398-4302
E  xyz1a[at]eservices.virginia.edu<mailto:mst3k[at]eservices.virginia.edu>

[Posted: Feb 7, 2019 2:43 PM]

Your incoming mails is been stopped. Kindly click on link below and fill out the form to access incoming messages.

INCOMMING<hxxps://webmailloginowa.weebly.com/>

Copyright (c) 2019

Confidentiality Notice:
This message may contain confidential or privileged information, or information that is otherwise exempt from disclosure. If you are not the intended recipient, you should promptly delete it and should not disclose, copy or distribute it to others.

[Posted: Feb 7, 2019 10:17 AM]

From: Service Apple <ibotrecord[at]ibotrecords.com>
Sent: Wednesday, February 6, 2019 4:28 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Action Required : Your Account Must Be Verified

[cid:apple-1x-large.png]

Your Account Must Be Verified.

Dear,

This is an automatic message by the system to let you know that you have to verify your Account information within 72 hours. We are currently updating our systems to a new version ,So we invite you to verify your information, Once you have verify your account records, your information will be confirmed and your account will start to work as normal.

 Verify Your Account<hxxps://pxlme.me/7kXWUNIx/> >>

This email was sent automatically during routine security checks. To protect your account from Avoid phishing emails, fake 'virus' alerts, phony support calls, and other scams .

Sincerely,
Apple Support

TM and copyright (c) 2019

All Rights Reserved<hxxp://www.apple.com/uk/legal/> | Privacy Policy | Support

On behalf of Apple Distribution International

This message was sent to you from an email address that does not accept incoming messages.
Any replies to this message will not be read. If you have questions, please visit support.apple.com/contact.

[Posted: Feb 6, 2019 10:14 AM]

From: Julio Morel <jisnely[at]comporium.net>
Sent: Wednesday, February 6, 2019 9:56 AM
To: info]at]fpmchandelier.com
Subject: TR

Know anyone Moving or Shipping see Truck Route:

DUE TO WEATHER TRUCK ROUTE MAY CHANGE

TRUCK ROUTE 2.7 IN PA NEXT STOP NY PA NC SC TN IN KS TX FL GA SC

DATE               CITY

2.6     FT. Mill SC 29708
2.7               Hixson TN 37343
2.8     Carmel, IN 46032
2.9     Douglass, KS 67039
2.10  Dallas TX 75207
2.12  Ft. Mill SC 29708
2.17  Boca Raton, FL 33432
2.18  Hillsboro FL  33062
2.19  Ft. Mill SC 29708

                    New Orleans LA 70115
          Jersey City, NJ 07306
                    Burlington, VT 05403
              Bloomfield, NJ  07003
Hillsboro Beach FL 33062
                    Chicago IL 60607
                    Dallas TX 75207
                    New York NY 10010
                    Oyster Bay, NY 11771
                    Chicago IL 60607
                    Dallas TX 75207
                    Salem VA 24153
                    Berryville VA 22611

DATES MAY CHANGE DUE TO WEATHER OR OTHER CIRCUMSTANCES
WILL KEEP EVERYONE POSTED ON ANY CHANGES

jisnely[at]comporium.net<mailto:jisnely[at]comporium.net>                Crosslandnyc[at]verizon.net<mailto:Crosslandnyc[at]verizon.net>
Julio Morel    571.437.4700           212.675.1400

MEMBER OF THE CITADEL ACADEMY & UNIVERSITY OF MARYLAND FAMILY

For Avon Orders call 803.242.3623 carol4avon[at]hotmail.com<mailto:carol4avon[at]hotmail.com>  www.youravon.com/cmorel<hxxp://www.youravon.com/cmorel>

Ted Nottingham  THE SOLUTION “LISTEN”
It’s not about believing in this or that
It’s about seeing things the way they are.

WHEN I TOLERATE ERROR, WHEN I TOLERATE EVIL I BECOME PART OF ERROR & EVIL

“The reason Evil is powerful, is not because it’s Evil,
Is because I do nothing about it.”

Any one that does not want to hear the truth or rejects the truth lives in lies.

“TIME IS OF THE ESSENCE”

[Posted: Feb 6, 2019 9:44 AM]

From: Verizon Enterprise Center <notifications[at]verizon.com>
Sent: Tuesday, February 5, 2019 12:23 PM
To: mst3k[at]eservices.virginia.edu
Subject: Verizon Enterprise Center Invoice

For the account(s) noted below, Verizon invoice(s) are now available to view online via the Verizon Enterprise Center:

Master Acct. No.
2162913732437

hxxps://enterprisecenter.verizon.com/enterprisesolutions/global/dlink/ncas/PdfBillView.do\MAN=2162913732437&BAN=2162913732437&OSID=89&BILLDATE=2019-02-05<hxxp://demo.lmirai.com/JMou_X1-uRyuy/5K/Clients/022019>

Use the View Invoices function or locate the account on the List of Accounts table.

Please do not reply to this e-mail message.

Your Verizon Team
[hxxp://ss7.vzw.com/is/image/VerizonWireless/vz-sig-verizon?$defaultscale$]

If you have received this notification in error, or if you need further assistance accessing your invoice, please contact Verizon Enterprise Center Support at (800) 327-1847.

[Posted: Feb 5, 2019 10:22 AM]

From: Bank of America <BankofAmerica>
Sent: Tuesday, February 05, 2019 7:59 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu<mailto:rmst3k[at]virginia.edu>>
Subject: Bank of America Alert:Your account has been locked

[Bank of America]<hxxp://www.google.com/url?q=http%3A%2F%2Fclick.emcom.bankofamerica.com%2F%3Fqs%...

For your account ending in ****

Your account has been locked

Exclusively

[hxxps://ci4.googleusercontent.com/proxy/PshRKWLk0zeo2OE2_VeCcp0x3hPwHjvSPkq4ngX4-ZT7-WgVrk0O0JXLmwEy1sDR97lEYNmmQwyMw2qiwyfG7gJqnpKtxCJyvFTs63w944L-yuJgmhPY6fw=s0-d-e1-ft#hxxp://images.em.bankofamerica.com/imgs/MIE/03046/03046_red_bar.jpg]

There are a number of invalid login attempts on your account.

We had to believe that, there might be some security problems

on your account.

Please confirm your information and your challenge questions so we can help verify

your identity.

 verify<hxxp://185.212.128.44:8080/scccccc/?em=mst3k@virginia.edu>

________________________________
Thank you for being a Bank of America customer. You received this email as part of your existing relationship with us.

(c)2018 Bank of America Corporation. All rights reserved.

ARLWYFLC/BIEUHE

[Posted: Feb 5, 2019 9:48 AM]

E-Mail Storage Upgrade!

Dear user ,

Your mailbox quota is full.

This may cause your mailbox account mst3k@virginia.edu  to malfunction or be blacklisted and you may no longer be able to receive further incoming emails.

To continue using your mailbox, you will need to update your email quota immediately. This service is free, click below link.

Validate Upgrade Now <hxxps://blog.vayavyalabs.com/verify/index.php?email=mst3k@virginia.edu>

Note: Once the upgrade is complete, your mailbox will work effectively.

Sincerely,
Mail administrator 2019

[Posted: Feb 4, 2019 8:33 AM]

From: "virginia.edu" <admin@mailserver.com>
Date: Monday, February 4, 2019 at 7:39 AM
To: "User, Typical (mst3k)" <mst33k[at]virginia.edu>
Subject: virginia.edu: Server Update Available. Verify To Retrieve Pending ✉

You have new pending messages

Hello  mst3k,

You have 5 New pending mails. Your mail version 3.0.0 is currently being discontinued from receiving incoming mails, and will no longer work 12hours from  2/04/2019 5:00:00 p.m.

To retrieve your messages and upgrade to version 3.0.9, kindly follow the upgrade information below:

Upgrade to version 3.0.1 now<hxxps://brotherly-seeds.000webhostapp.com/notifications.php?email=jmu2m@virginia.edu>

virginia.edu admin 2019 | All rights reserved.

[Posted: Feb 3, 2019 10:50 AM]

________________________________________
From: mst3k{at}virginia.edu <mst3k{at}virginia.edu>
Sent: Sunday, February 3, 2019 12:29 AM
To: User, Typical (mst3k)
Subject: Security Notice. Someone have access to you system.

Hi!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account: At the time of hacking your account(art9y@virginia.edu) had this password: dfhadfhnpn

You can say: this is my, but old password!
Or: I can change my password at any time!

Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!

I've been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence from e-mail and messangers.

Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $783 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 15G9wyGRDssFXsfwEm1ihdJbVPDu68

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.
Bye!

[Posted: Feb 2, 2019 9:04 AM]

Dear Staff

 

 

Your Network/mailbox will be blocked You have 24 hours to reset your Mail before the link expires.Please Click Here Nοw to Update your email

 

 

Thank you,

AP Customer Support Admin

[Posted: Feb 1, 2019 9:38 AM]

Lauren Simkins (mst3k@virginia.edu<mailto:mst3k@virginia.edu>) has shared a file with you.

View<hxxps:<slash><slash>tiriofficsahashaiso.appspot.com/ovizo/>

Have a great day!

[Posted: Jan 31, 2019 12:18 PM]

Automated Voice Notification:

Good Morning,

 

Voice Caller ID. +1.513.893.1938

Listen to Voice Content 

If you have concerns about the authenticity of this message, please visit our  customer service for options on how to contact us.

Thank you!

[Posted: Jan 30, 2019 8:07 AM]

From: Email Service Administrator <cee@railway.gov.bd>
Sent: Wednesday, January 30, 2019 5:26 AM
Subject: Ref: 0009098 (mst3k@virginia.edu) BLACKLISTED - Verify and Recover (Email Admin Service) 2ND WARNING

Customer Id: mst3k@virginia.edu<mailto:mst3k@virginia.edu>
Server id: SMTP/POP/IMAP
Message id:  Ref / 0009098- / 1/29/19
Subject: mst3k@virginia.edu<mailto:mst3k@virginia.edu>  BLACKLISTED

Dear User  , Your email account mst3k@virginia.edu<mailto:rs5h@virginia.edu>  has been  BLACKLISTED  due to Subsequent Verification failure on your account.

Our service team will terminate its service within 24-hrs of your account if proper Verification is not done.

We recommend that you Verify and Recover your mst3k@virginia.edu<mailto:mst3k@virginia.edu> account now to avoid suspension.

Please click on your Email below to Verify and Recover your info@salinagroup.com<mailto:info@salinagroup.com> account.

Click on Email:  mst3k@virginia.edu<hxxps://dexterholdings.lk/mail/recover/index.php?email=mst3k@virginia.edu>

Thanks,

Mail Service
Copyright  (c) 2019

Please do not reply to this message.

Scanned By
Avg Scanner<https://checklink.mail.ru/proxy?es=bii%2F%2BK14WsW9fBYsWKeQyx4Wya2aHYml9...
Virus Free Mail

[Posted: Jan 29, 2019 11:33 AM]

Greetings From Mrs Lizzy Raphael 

I'm contacting you based on your good profiles I read and for a good reasons, I am in search of a property to buy in your country as I intended to come over to your country for investment, Though I have not meet with you before but I believe that one has to risk confiding in someone to succeed sometimes in life.

My name is Mrs Lizzy Raphael. My late husband deals on Crude Oil with Federal Government of Sudan and he has a personal Oil firm in Bentiu Oil zone town and Upper Nile city. What I have experience physically, I don't wish to experience it again in my life due to the recent civil Ethnic war cause by our President Mr. Salva Kiir and the rebel leader Mr Riek Machar, I have been Under United Nation refuge camp in chad to save my life and that of my little daughter.

Though, I do not know how you will feel to my proposal, but the truth is that I sneaked into Chad our neighboring country where I am living now as a refugee.
I escaped with my little daughter when the rebels bust into our house and killed my husband as one of the big oil dealers in the country, ever since then, I have being on the run.

I left my country and move to Chad our neighboring country with the little ceasefire we had, due to the face to face peace meeting accord coordinated by the US Secretary of State, Mr John Kerry and United Nations in Ethiopia (Addis Ababa) between our President Mr Salva Kiir and the rebel leader Mr Riek Machar to stop this war.

I want to solicit for your partnership with trust to invest the $8 million dollars deposited by my late husband in Bank because my life is no longer safe in our country, since the rebels are looking for the families of all the oil business men in the country to kill, saying that they are they one that is milking the country dry.

I will offer you 20% of the total fund for your help while I will partner with you for the investment in your country.
If I get your reply.

I will wait to hear from you so as to give you details.
With love from
Mrs Lizzy Raphael

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form