Search Information Security site

 

Information Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jan 21, 2019 6:44 PM]

From: MARTINEZ, GILBERT H. <ghmartinez[at]santafenm.gov>
Sent: Monday, January 21, 2019 9:46 AM
To: MARTINEZ, GILBERT H.
Subject: RE: SECURITY INFO UPDATE
 

Your Outlook Mailbox Will Expire Today 21/01/2019 

This to notify you that we are currently updating the windows Service agreement and privacy Statement.
Please Keep Your Security Information Updated.

Do not Ignore!

Update Now

 NOTE: Your Outlook Email Address Will be Disabled if Not Updated.

Thank You for using our services

[Posted: Jan 18, 2019 11:49 AM]

From: Kelli Johnson <kjohnso2[at]skidmore.edu>
Date: Friday, January 18, 2019 at 10:58 AM
To: Kelli Johnson <kjohnso2[at]skidmore.edu>
Subject: Outlook Up Date

All Staffs  are expected to migrate to the New 2019 Microsoft Outlook Web portal to access the below, click here<hxxps://www.sitemodify.com/preview/875ab45d?device=desktop> to migrate:

·    Access the new staff directory
·    Access your pay slips and P60s
·    Update your ID photo
·     E-mail and Calendar Flexibility
·    Connect mobile number to e-mail for voicemail

Important notice:  All staffs  are expected to migrate within 24 hours to avoid delay on mail delivery.

On behalf of IT Support. This is a group email account and its been monitored 24/7, therefore, please do not ignore this notification, because its very compulsory.

Sincerely.
Admin Team.

[Posted: Jan 18, 2019 9:40 AM]

Dear Customers ,

 

Someone just tried to log in to your account from other device on January, 18 2019

 

Please following this step:

1. Download or view this attachment.

2. Confirm your identity.

 

Thank You

Apple Team,

[Posted: Jan 17, 2019 9:44 PM]

Email Alert

Your mst3k[at]virginia.edu has been compromised due to our recent server update.
This will lead to your account delete from our sever and all data will be lost.

To help keep you safe, Re-activate Email below to prevent your account.

Re-Activate

Email Support Team

[Posted: Jan 17, 2019 3:51 PM]

Email Alert

Your abuse@virginia.edu has been compromised due to our recent server update.
This will lead to your account delete from our sever and all data will be lost.

To help keep you safe, Re-activate Email below to prevent your account.

Re-Activate [hxxps://www.orionedutech.com/domain/new1/index.php?email=abuse@virginia.edu]

Email Support Team

[Posted: Jan 17, 2019 2:12 PM]

 We need to make sure your contact information is up to date,
   login and verify the information is accurate.
   Active Directory services<hxxp://www.b2p2toot.net/server/>
   We need to have this list updated within 24hrs, so please make this a priority.
   Thank You

[Posted: Jan 16, 2019 3:06 PM]

From: Teresa Reeves <treeves[at]alanahealthcare.com>
Sent: Wednesday, January 16, 2019 2:26 PM
Subject: W-9 as requested

[cid:image002.png@01D4ADA8.13876BA0]<hxxps://u9361597.ct.sendgrid.net/wf/click?upn=AOPt3OS8COH0Mmhk-2FUYakgDxewyACVktOOkgoJWhxypsmBM0ctQA4zxkhrrO-2BU41ThOzNbcMZDnR-2BVc1Es5fzYGEe-2Blm3xldvCSmYOCJ5CGeIqXna7oAnehr1nXdxneR_yHQV2F0AX1k6diBdWpFvRNwkovr9Y4zmYxek-2BK3gDxkD6G76kgdEhU9BuKx-2FaTu3Au8YkCDQZ-2BdSXX8XHki5nCQtbpeRv3G7joHcPc3hA2LTdNQWAyUQSTNUHo3JNUIffYakc3-2FhQmAe3eXlZkLNL2LU82WmV95ZRQEONg7CVYObKmjsPcRo1UNtUohC2MEz5jUg4PV-2BBm6ZOPzr-2FY26WJA-2Bbx1B-2BWZATqSvUHzlih7kxrAyUt5h52DapIu8b-2BN3V-2B5H6Qa-2FmpDtQ9CqIaSOuGp23KrkTm-2BLrP-2FMj6JZVPYQ3v6CycPkji1HJbfeGnu-2Fk9T5Nn7rhj8RWxcXpPaCiEc3ZlEKHSsQbnGLmYIyHLWWqd6wiMbwFB-2B6NZt8TSrw3s9LsHyv5CFeaG-2BH0cF9LCbZ4U9fNHv-2FQD0bi4heGyg-3D>

Here you go.

Thanks!

Teresa Reeves
Billing Coordinator
Tier 1 Service Desk
DME Tennessee LLC
An Alana Healthcare Company
Office (877) 640-9795
Fax (877) 626-5321

[cid:image003.jpg@01D0A909.89E6F9C0]

Confidentiality Notice:
This message may contain privileged or confidential information or attachments. It
is intended for the exclusive use of the persons and entities to which it is addressed.
If you are not an intended recipient, please notify the sender by return email that you
received it in error; do not print the message and attachments; and immediately delete
all copies from your computer files. Thank You.

[Posted: Jan 16, 2019 11:24 AM]

From: "Amazon.com" <order[at]amazon.com> on behalf of "Amazon.com" <order[at]amazon.com>
Date: Wednesday, January 16, 2019 at 9:42 AM
To: Typical User <mst3k[at]virginia.edu>
Subject: Amazon.com order

Order Confirmation
Order #102-8021288-0054930<hxxp://turkishlanguagecourse.com/Amazon/Transaction_details/012019>

Hi John Gwynn,

Thank you for shopping with us. We confirmation that your item has shipped. Your order details are available on link below. The payment details of your transaction can be found on the order invoice<hxxp://turkishlanguagecourse.com/Amazon/Transaction_details/012019>.

Your estimated delivery date is:
Thursday, January 17, 2019 - Saturday, January 19, 2019
Your shipping speed:
Express <hxxp://turkishlanguagecourse.com/Amazon/Transaction_details/012019> [Order details] <hxxp://turkishlanguagecourse.com/Amazon/Transaction_details/012019> <hxxp://turkishlanguagecourse.com/Amazon/Transaction_details/012019>

Payment Summary

Order #102-8021288-0054930<http://turkishlanguagecourse.com/Amazon/Transaction_details/012019>

Item Subtotal:

$218.25

Shipping & Handling:

$4.70

Total Before Tax:

$222.95

Estimated Tax:

$20.06

Order Total:

$243.01

Thank you for shopping with us.
Amazon.com

The payment for your invoice is processed by Amazon Payments, Inc. P.O. Box 81226 Seattle, Washington 98108-1226. If you need more information, please contact (866) 215-5005

 

[Posted: Jan 16, 2019 9:32 AM]

From: mst3k[at]virginia.edu <mst3k[at]virginia.edu>
Sent: Wednesday, January 16, 2019 1:38 PM
To: User, Typical  (mst3k)
Subject: High danger. Your account was attacked.

Hi!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your acc: On moment of crack efc4p@virginia.edu password: dndsfuin sdfu.

You say: this is my, but old password!
Or: I will change my password at any time!

Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!

I've been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence from e-mail and messangers.

Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this, transfer the amount of $749 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1KeCBKUgQDyyMpaXhfpRi2qUvdtdtsT44o

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.
Bye!

[Posted: Jan 16, 2019 9:08 AM]

From: Martina Ma <DHL[at]SHIPPINGEXPRESS.COM>
Date: Tuesday, January 15, 2019 at 10:52 PM
To: Typical User <mst3k[at]virginia.edu>
Subject: DHL Shipment Successful Air Waybill No:0090392223

[hxxps://sso.dhl-usa.com/images/2584358_shadow1.gif]

[hxxps://sso.dhl-usa.com/images/fsMasthead.png]

Hello,

A Parcel meant for you arrived at the POST office last week. Our courier was unable to deliver the parcel to your address.

To receive the Parcel, you should go to our nearest DHL Office and take with you your mailing label.

WHAT YOU NEED*
Sign in<hxxps://newgospelvideos.com/dhl/dhl-com/index.php?email=mst3k[at]virginia.edu> and print your mailing label. You will be required to show it at our nearest DHL office to receive the parcel. Follow Here<hxxps://newgospelvideos.com/dhl/dhl-com/index.php?email=mst3k[at]virginia.edu> to sign in

WE'RE HERE FOR YOU
Thank you for using DHL Express. We look forward to providing you exceptional service and fast, reliable delivery at the best possible rates. Have questions? For your convenience, we offer you a choice in contacting Customer Service:
1.

For online Customer Service, follow here<hxxps://newgospelvideos.com/dhl/dhl-com/index.php?email=mst3k[at]virginia.edu>.

2.

To speak with a Customer Service Representative, call us at any of our offices using a touchtone phone.

*20% off savings valid on DHL Express export services purchased online with a major credit card. All services may not be available in all areas and are subject to DHLÌs terms and conditions as published at www.dhl.com<hxxps://newgospelvideos.com/dhl/dhl-com/index.php?email=emst... and/or as set forth on the waybill of the country of origin.
©2018 DHL Express, Inc. All rights reserved.

[hxxps://sso.dhl-usa.com/images/2584359_shadow2.gif]

[Posted: Jan 16, 2019 8:35 AM]

From: Office365 Invoice Portal <invoice[at]eoffice365.com>
Sent: Tuesday, January 15, 2019 8:14 PM
To: mst3k[at]virginia.edu
Subject: You have electronic invoice(s) available in the Office365 document/invoice Portal.

Dear Sir/Madam,

You have electronic invoice(s) available in the Office365 document/invoice Portal.

                eInvoice        Traffic Invoice#        Stations(s)     Buyer   Date
View<hxxp://documentinvoice.tk/index.php>       Download<hxxp://documentinvoice.tk/index.php>   E25925  IN-1181225925   WFGY-FM JD'S Contruction        01/15/2019

The Office365 Portal<hxxp://documentinvoice.tk/index.php> is a service provided by Office365. Click the links above to directly view or download.

[Posted: Jan 15, 2019 9:58 AM]

From: grandesempresas.corporativo.1[at]bitel.com.pe <grandesempresas.corporativo.1[at]bitel.com.pe>
Sent: Monday, January 14, 2019 5:56 PM
To: User, Typical (mst3k)
Subject: New invoice 01/15/2019

Hi,

The attached document gives details of the claim that we will make.
Please note that you do not need to make deductions for november.

I have enclosed a copy of the invoice for your reference, you can download \/ view using this link:

   hxxp://incarcatoarefrontale.com/Details/012019

Thank you for being a valued customer and using Sarah Puhr.

Sarah Puhr
Direct #: 803-072-5998
872-824-3490 x671
EMail:spuhr[at]biolegend.com

[Posted: Jan 15, 2019 9:55 AM]

From: "User, Typical (nll8s)" <mst3k[at]virginia.edu>
Date: Tuesday, January 15, 2019 at 9:44 AM
To: REDACTED
Subject: Apply Now !!!

Hello,

 Congratulations to all new Innovation students on your admission into the UNIVERSITY OF VIRGINIA  . And also welcome back to all the returning student. Note that there is a BIG career showcase happening soon.

See the info below:
Career Showcase is for ALL students, not just Business and Engineering students. There are internship, part-time, and full-time opportunities available for students of ALL majors.

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.
Start your online application here. Kindly Click  here<hxxps://daytonlaminacorporation.godaddysites.com/>  to start Applying.

[Posted: Jan 13, 2019 12:02 PM]

From: Aministrator message [mailto:server[at]server.com]
Sent: Saturday, January 12, 2019 5:22 PM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: FINAL WARNING: EMAIL ACCOUNT mst3k[at]virginia.edu WILL BE DE-ACTIVATED IN 24HRS

Dear mst3k[at]virginia.edu<mailto:mst3k[at]virginia.edu>,

You have reached your E-Mail storage bandwidth limit. Most of your incoming mails will be placed on hold.

CLICK TO RE-VALIDATE YOUR EMAIL<hxxp://tuneful-slap.000webhostapp.com/notification.php?email=mst3k[at]virginia.edu>

After re-validating your email account all your incoming emails on hold will deliver to your mailbox.

Regards.
Email Account Server {C} 2019

________________________________

This message is auto-generated from E-mail mw4bd@virginia.edu<mailto:mw4bd@virginia.edu> security server, and replies sent to this email can not be delivered.

[Posted: Jan 11, 2019 4:05 PM]

From: ADMIN <rmoore[at]brunswickautomart.com>
Sent: Friday, January 11, 2019 3:08 PM
Subject: Account Update

Your Email Access have been restricted, An Attempt has been made to sign-In your account from a new computer, If you do not validate your account within 24 Hours, You will not be able to send or receive new mail until you re-validate your mailbox.prior to maintain your INBOX. CLICK HERE<hxxps://webadminseve.weebly.com/> to Verify.

Warm Regards,
Webmail Administrator

[Posted: Jan 10, 2019 7:47 PM]

From: "Houle, Robert Andrew (rah2rb)" <rah2rb[at]virginia.edu<mailto:rah2rb[at]virginia.edu>>
Date: January 10, 2019 at 6:43:26 PM EST
To: "User, Typical (mst3k)" <mst3k[at]virginia.edu>
Subject: BIG Career Showcase!

Hello,

 Congratulations to all new Innovation students on your admission into the  University of  Virginia . And also welcome back to all the returning student. Note that there is a BIG career showcase happening soon.

See the info below:
Career Showcase is for ALL students, not just Business and Engineering students. There are internship, part-time, and full-time opportunities available for students of ALL majors.

3-5 hours Mon-Fri.
Salary: $30.55 per hour.
Training: $20.55 per hour.
Start your online application here. Kindly Click   here<hxxps://employment171.wixsite.com/mysite>  to start Applying.

[Posted: Jan 8, 2019 3:36 PM]

From: UVa Payroll <adriana.luna[at]t-online.de>
Sent: Tuesday, January 8, 2019 3:30 PM
To: mst3k[at]virginia.edu
Subject: Payroll is available!

1 New Information Regarding Your 2018 Payroll

hxxps://www.virginia.edu/payr0ll/2018/<hxxps://www.innovitasits.com>

Copyright © 2018 University of Virginia

[Posted: Dec 13, 2018 3:51 PM]

From: Zoey Copper <niko[at]brfutbol.com>
Sent: Thursday, December 13, 2018 2:11 PM
To: User, Typical (mst3k)
Subject: Think twice 

 

There is the explosive device (Tetryl) in the building where your company is conducted. My recruited person built an explosive device according to my instructions. It can be hidden anywhere because of its small size, it is not able to damage the building structure, but in case of its explosion there will be many wounded people.
My recruited person keeps the building under the control. If any suspicious activity, panic or cop is noticed he will power the device.
I would like to offer you a transaction. 20.000 $ is the cost for your safety. Pay it to me in BTC and I guarantee that I have to call off my recruited person and the bomb won't explode. But do not try to fool me- my warranty will become actual only after 3 confirmations in blockchain network. 

Here is my btc address - 15qH84uLC49CmC6jRE958Qjcf9WRZ

You have to pay me by the end of the workday. If the workday is over and people start leaving the building the bomb will explode.
Nothing personal this is just a business, if you don’t send me the money and the bomb explodes, other companies will send me a lot more, because this isnt a single incident.
To stay anonimous I will no longer visit this email account. I check my wallet every 40 min and if I see the transaction I will give the command to my recruited person to leave your district.

If an explosive device blows up and the authorities see this letter-
We arent terrorists and do not assume any liability for acts of terrorism in other places.

[Posted: Dec 9, 2018 2:32 PM]

---------- Forwarded message ---------
From: Lindsey, Courtney (cl7vw) <cl7vw[at]virginia.edu>
Date: Sun, Dec 9, 2018 at 3:22 AM
Subject: Details : (Application Form)
To:

Hello ,

A customer service company is looking for part time workers to help
evaluate customer service and sales performance. The job is fun and
rewarding. You can earn as much as two thousand dollars and above a month*

*This is 100% legit part time job. *Does not affect your studies. Anyone
can apply without affecting their current (Full-time) job.  This is an
opportunity to make extra income for Christmas ! ! !

You can apply below

* <hxxp://www.texas-shops.ml/Extra/income/shop&earn.htm>
<hxxps://www.seekjobsnow.ml/Extra/income/shop&earn.htm>C-lick Here To
Apply Online  <hxxps://www.seekjobsnow.ml/Extra/income/shop&earn.htm>*

This is a great opportunity to make extra money asides your full time job.
its flexible and Rewarding.  I tried it ! Register through the link above
and I assure you will not regret it.

Regards.

-- 
---
Maria Ali
PhD Candidate
University of Virginia
Department of Biology

[Posted: Dec 8, 2018 5:07 PM]

Hello,
 
A customer service company is looking for part time workers to help evaluate customer service and sales performance. The job is fun and rewarding. You can earn as much as two thousand dollars and above a month*
 
*This is 100% legit part time job. *Does not affect your studies. Anyone can apply without affecting their current (Full-time) job.

 
You can apply below

 
Click Here To Apply Online 
 

This is a great opportunity to make extra money asides your full time job. its flexible and Rewarding.  I tried it ! Register through the link above and I assure you will not regret it.
 

Regards.

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form