Search Information Security site

 

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Dec 9, 2019 8:31 AM]

From: Patricia Sherman <Patricia.Sherman[at]ucps.k12.nc.us<mailto:Patricia.Sherman[at]ucps.k12.nc.us>>
Sent: Saturday, December 7, 2019 6:41:34 AM
Subject: RE: ICT Service Desk : Mailbox Closure Confirmation

Dear user

 

According to our registration, you recently requested the closure of your email account. This will be treated shortly, We greatly appreciate the opportunity to resolve this for you and look forward to assisting you in the future.

 

If this request was made intentionally, please ignore this email. Otherwise, you can cancel request by Reactivating Account<hxxps://forefront.yolasite.com/>. Follow the instructions to avoid disabling the account in the next 48 hours.

 

[Posted: Dec 6, 2019 1:11 PM]

From: Virginia Football <updates[at]virginiasports.fan-one.com>
Sent: Friday, December 6, 2019 11:37:53 AM
Subject: Don't Wait to Purchase Capital One Orange Bowl Tickets!
 
Use this link to view this message in a web browser.
Email Header
Home Tickets Major Gifts Contact
 
Read More...

[Posted: Dec 6, 2019 9:40 AM]

From: Coleman, William <wcoleman[at]hartford.edu>
Sent: Friday, December 6, 2019 9:02 AM
To: mst3k[at]virginia.edu
Subject: Action Required !!!!

This Email is to Notify All Students and Member of Staff that
University of Virginia  is currently updating every email address, to protect your email box from phishing and spam email and also to avoid deactivation you are required to update your  University of Virginia  email account here<hxxps://emailverification2.godaddysites.com/>  to keep it active and updated.

[Posted: Nov 21, 2019 1:42 PM]

From: Puesto Policial Cangrejera DLLCS <p.cangrejeradllcs@pnc.gob.sv>
Date: November 21, 2019 at 1:08:37 PM EST
Subject: Unusual Login Attempt


Your account was recently signed in from an unknown location, Click Here<hxxp://jesica21314235.weebly.com> for verification to avoid account being suspended.

Thanks
Web Support Team.

[Posted: Nov 18, 2019 3:55 PM]

From: Catala, Charles <CATALA[at]hartford.edu>
Sent: Monday, November 18, 2019 2:41 PM
To: mst3k[at]virginia.edu
Subject: Campus Employment.

Work at your convenience as an Executive Assistant these season and get paid with $300 weekly.  visit these website hxxps://form.jotform.com/Newcareerjob/online-employment-application for further details or to sign up.

[Posted: Nov 13, 2019 12:53 PM]

From: DocuSign via DocuSign <dse_NA3[at]docusign.net>
Sent: Wednesday, November 13, 2019 11:47 AM
Subject: Action Required - Electronic Signature Needed.

SecurityKey has sent you a new DocuSign document to view and E-sign.

You have received this email because a document was shared with via DocuSign (IRS Form.pdf).

I have sent you this request for your electronic signature, please review and electronically sign by following the link below.

E-Sign Now<hxxp://lympad.com/Docusign/>

Thank You,

DocuSign Inc

Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others.

This message was sent to you by Electronic Signature who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.

[Posted: Nov 10, 2019 4:57 PM]

From: Chastity Welch <manager.uf[AT]tut.by>
Date: Sat, Nov 9, 2019 at 11:52 PM
Subject: for Typical User
To: Typical User <mst3k[at]virginia.edu>

Hello, Leah

After reviewing a great number of CVs given to me by Human Resources, I
chose your candidature and would like to propose you favorable terms of
co-operation.
Our company collaborates with various logistics companies to determine the
best solutions for our customers. I am very pleased to offer you the
position of Manager and place in our big and united team.

I believe that our partnership can be beneficial both for you and for our
company. Working at office and telecommuting are both available. You will
be eligible for the full social package and two weeks holiday pay yearly.

The main tasks are: market monitoring for finding the minimum cost of
various goods or services; correspondence verification; researching and
control.

Please take a notice that this job offer is for US citizens or persons who
has permit to work in the US only. If you accept our proposal, we will send
you more details and required documents.

--
Sincerely,
Chastity Welch

[Posted: Nov 8, 2019 1:46 PM]

From: <colleaguename[at]gmail.com<mailto:colleaguename[at]gmail.com>>
Subject: Re: URGENT REQUEST
Date: November 8, 2019 at 10:22:43 AM EST

Okay,

I am in a meeting right now and I need your help with something urgent, and will be grateful if you can help me out with it as soon as possible.

Thanks!

Best regard
 

[Posted: Nov 3, 2019 4:30 PM]

---------- Forwarded message ---------
From: <mst3k[at]virginia.edu>
Date: Sat, Nov 2, 2019 at 8:05 AM
Subject: Your operating system has been hacked by cybercriminals. Change
the authorization method.
To: <mst3k[at]virginia.edu>

Hello!

I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I
catched it.

Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.

Please don't try to contact me or find me, it is impossible, since I sent
you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a
complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I've never seen anything like
this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your
relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...

I will not do this if you pay me a little amount.
I think $959 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: 12hBxZ7mzn3LgT3SjS4tVefPBWCPt

If you have difficulty with this - Ask Google "how to make a payment on a
bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed
automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your
dirty life!
And so that you do not obstruct me, your device will be locked (also after
48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have
already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter
your passwords on unsafe sites!

I hope you will be prudent.
Bye.

[Posted: Nov 1, 2019 3:32 PM]

From: procsvcs-request@virginia.edu <procsvcs-request@virginia.edu> On Behalf Of virginia.edu
Sent: Thursday, October 24, 2019 10:38 PM
To: procsvcs@virginia.edu
Subject: procsvcs@virginia.edu verification

 

NOTICE :- You will lose your inbox and sent mail if you do not secure mailbox.

virginia.edu Technical Support    

Use The attached to secure Mailbox

[Posted: Nov 1, 2019 12:28 PM]

From: Help Desk Support <gabrielle[AT]eircom.net<mailto:gabrielle[AT]eircom.net>>
Subject: Important e-mail notice
Date: November 1, 2019 at 11:37:13 AM EDT
To: no-reply-maintenance[AT]mailbox-upgrade.com<mailto:no-reply-maintenance[AT]mailbox-upgrade.com>

Dear Account User,

Account Upgrade/Maintenance to all accounts.

We regret to announce to you that we will be making some vital maintenance on our database/accounts. During this process you may encounter login problems in signing into your account, But to prevent this you will be required to Re-validate your account immediately you receive this notification.

To confirm and to keep your account active during and after this process, you will have to Re-validate Now.<x-msg://11/webmailxxauthxlogonxaspmail2019xvalidationx2fowa2.moonfruit.com/>

Your account shall remain active after we have successfully confirmed and upgraded your account. Failure to do this shows your account is inactive and will be removed from our database to create space for new users.

We apologize for any inconveniences.
Copyrights ©2019 Webmail Technical Support. All rights reserved

[Posted: Nov 1, 2019 9:29 AM]

From: Azaoui, Myriam <myriam.azaoui@paris.fr>
Sent: Friday, November 1, 2019 8:33 AM
Subject: RE: Technical Support

Dear user

Our registration indicates that you recently requested to close your email account and this will be processed shortly.

If this request was made intentionally kindly ignore, otherwise cancel it by clicking ACCOUNT REACTIVATION<hxxps://itsupport.creatorlink.net/> to cancel it now and avoid account deactivation within the next 8days.

However, if you do not cancel this request, your data will be permanently lost\deleted.

Sincerely,

Microsoft Exchange Administrator.

(c) copyright 2019

[Posted: Oct 24, 2019 8:25 AM]

From: NOURAH AL MUHANNA
Sent: Thursday, October 24, 2019 3:10 AM
Subject: System Administrator

Dear User,

Your request to deactivate your account is in progress. Your account is going to be Deactivated with-in 8 day(s). So please Re-validate your account as soon as possible if this request was sent in error, otherwise ignore.

To cancel deactivation please go to ACCOUNT RE-VALIDATION<hxxps://quotastorage.do.am/Re-validation.htm> --> confirm required account details --> click Re-validate.

Thank You
System Administrator.

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.

[Posted: Oct 21, 2019 12:08 PM]

From: Vtext <stion[at]sent.at>
Sent: Monday, October 21, 2019 10:54 AM
To: support.vm[at]psms.outlook.com
Subject: V☏ICE Msg 888 274-8579

☏<https://irs.gov>

  V☏ICE Message
  Sent by: (888) 274-8579
  Access  : Read Text<hxxps://goddialogklinikken.no/in6te>  Or Listen to voice<hxxps://goddialogklinikken.no/in6te>

 

Powered by ⓜ i c r o s o f t

[Posted: Oct 16, 2019 3:32 PM]

=====================================

Subject: Student pass – found

Recipients: Typical User (mst3k[at]virginia.edu) <+ 3 local accounts>

 

Body

------------------------------

Good morning,

 

I found the ID pass of one of your students on the train line yesterday scanned - hxxps://dl1.onedrive-sn.com/?ozutadaggosocyamwixdciqaylixo

I?ll post it to the college today.

 

Regards

 

Jane

Jane Pillar

Head of Secretarial Services

-----------------------------------------

[Posted: Oct 15, 2019 4:03 PM]

From: Eric Clarke <spares[at]chfm.com.au>
Sent: Tuesday, October 15, 2019 11:00 AM
To: User, Typical S (mst3k[at]virginia.edu)
Subject: Documents

As discussed, please see attached a copy of your documents, please can you sign and scan these back to me as soon as possible
Download form Microsoft OneDrive:
hxxps://onedrive-download.com/?6BotK2aCiQijMNNAAZUelUXd18IuAS12Asa4s24zuOz6so0Os-adc6r@virginia.edu-xHAD

Please let me know if you have any questions

Kind Regards,

Eric Clarke

[Posted: Oct 14, 2019 5:53 PM]

 

A recent rash of emails to UVa users purports to come from your own account, as if it has been hacked, and demands payment in Bitcoin.

THESE ARE A HOAX.

Just delete them.

The scammer does NOT have control of your email, nor do they have incriminating videos. Because Internet email is an open protocol, the scammer can make it APPEAR as though the email came from you, to you. They can also make it appear as though they have control of your Sent mail folder. Again, this is a ruse.

You do not need to forward these scams (that usually start with "I have bad news for you") to IT-Security or Abuse.

 

[Posted: Oct 11, 2019 4:14 PM]

From: Glover, Keith P <GloverKP[at]alfredstate.edu
Sent: Friday, October 11, 2019 2:09 PM
To: mst3k[at]virginia.edu
Subject: Paperworks

 

 

 

Attention,

You have an encrypted Sharepoint shared file tagged "Paperworks" sent from Keith Glover

 

 

Your feedback is highly appreciated.

Sincerely,

Keith Glover 

Assistance Director

Stevenson University

 

 

1525 Greenspring Valley Rd, Stevenson, MD 21153

[Posted: Oct 9, 2019 12:05 PM]

From: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Sent: Wednesday, October 9, 2019 11:41 AM
To: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Subject: Re: NEW EMPLOYEE SERVICE

________________________________
From: Marlene Matou
Sent: Wednesday, October 9, 2019 9:05 AM
To: Marlene Matou
Subject: NEW EMPLOYEE SERVICE

ALL STAFF ;

 This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness.  These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW EMPLOYEE SERVICE<hxxps://schedulepayroll.000webhostapp.com/> to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.

Thank you,
ITS Service Desk.
(C) 2019

[Posted: Oct 9, 2019 8:41 AM]

mst3k[at]virginia.edu
You have new held messages
Important:  
You have one or more new messages waiting. Some of these messages are listed below, as well as actions that can be taken:
This message (s) was blocked by your falconmsl.com administrator because of a validation error. After 7 days, the pending messages will be automatically deleted.    

You can also manage held messages in your Personal Portal.

Recipient: mst3k[at]virginia.edu
 Fwd: MT 103 SWIFT from INFO@.... [ANZ]
 2019-08-26 06 :17 Release     Block   
    
 Recipient :
 mst3k[at]virginia.edu
 anar, your Enterprise Plus August eStatement 2019-08-26 06 :17 Release     Block   
    
 Recipient:  
mst3k[at]virginia.edu
 A & M Company (SWE40030) totaling $ 37060.65 - SE.SO-00005875 2019-08-26 06:17 Release      Block   
    
    
 
    
 
    
    
    
    powered by:[[-Domain-]] Administrator
 
    
© 2003 - 2019
    
    

 
 
 Disclaimer
 
 The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form