Information Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to email@example.com.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Aug 14, 2019 3:34 PM]
From: King, David <21193[at]monroe.k12.mi.us>
Sent: Wednesday, August 14, 2019 2:34:12 PM
Subject: Notice from Microsoft Outlook
Our record indicates that you recently made a request to terminate your Office email. And this process has begun by our administrator.
If this request was made accidentally and you have no knowledge of it, you are advised to verify your account.
Please give us 24 hours to terminate your account OR verifying your account
CLICK HERE TO VERIFY<hxxps://email-healthsystem-virginia-edu-my-policy.weebly.com/>
Failure to Verify will result to closure of your account.
[Posted: Aug 13, 2019 8:52 AM]
From: same-email[at]virginia.edu <same-email[at]virginia.edu>
Sent: Tuesday, August 13, 2019 1:39 PM
To: same-email <same-email[at]virginia.edu>
Subject: Keep your secrets safe!
I am a representative of the ChaosCC hacker group.
In the period from 23/06/2019 to 11/08/2019 we got access to your account same-email[at]virginia.edu by hacking one of the domain.com mail servers.
Your pass for above account on moment of hack was: cville You already changed the password?
Sumptuously! But my program fixes this every time. And every time I know your new password!
Using access to your account, it turned out to be easy to infect the OS of your device.
At the moment, all your contacts are known to us. We also have access to your messengers and to your correspondence.
All this information is already stored with us.
We are also aware of your intimate adventures on the Internet.
We know that you adore adult sites and we know about your sexual addictions.
You have a very interesting and special taste (you understand what I mean).
While browsing these sites, your device’s camera automatically turns on.
Video-record you and what you watch is being save.
After that, the video clip is automatically saved on our server.
At the moment, several analogy video records have been collected.
From the moment you read this letter, after 60 hours, all your contacts on this email box and in your instant messengers will receive these clips and files with your correspondence.
If you do not want this, transfer 550$ to our Bitcoin cryptocurrency wallet: 1x2iPSuHetkZ9apse9Yh8pidsdwCsDRWtkt7rhsAg1u
I guarantee that we will then destroy all your secrets!
As soon as the money is in our account - your data will be immediately destroyed!
If no money arrives, files with video and correspondence will be sent to all your contacts.
You decide... Pay or live in hell out of shame...
We believe that this whole story will teach you how to use gadgets properly!
Everyone loves adult sites, you're just out of luck.
For the future - just cover a sticker your device’s camera when you visit adult sites!
Take care of yourself!
[Posted: Aug 12, 2019 3:08 PM]
From: Microsoft <msa[at]communication.microsoft.com>
Sent: Monday, August 12, 2019 2:33 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: MAILER-DAEMON - Unexpected Error Occurred: Email Validation Required
[Posted: Jul 30, 2019 8:43 AM]
From: Outlook Web App <bcouch[at]hughes.net>
Date: Monday, July 29, 2019 at 10:46 PM
Subject: Your account will be deactivated
Unusual sign-in activity
This is to inform you that your request on: 2019-07-29 11:21:10 to
remove your Email account from our server has been
approved and will initiate in one hour from the exact time you open
ignore this message to continue with email removal
If this deactivation was not requested by you
Download and open the attachment on this message to verify and keep your your email account active
Outlook Web App Team.
[Posted: Jul 29, 2019 9:56 AM]
From: virginia.edu Admin <ms-oxprotp.mssimple.apcprd01[at]hosting.inforytel.com>
Sent: Monday, July 29, 2019 7:38 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: You Have (9) Pending Undelivered Email
virginia.edu Undelivered Mails.
You have (9) pending undelivered emails, awaiting your confirmation now .
If you wish to receive the undelivered email, Kindly confirm below mgst3k[at]virginia.edu<mailto:mst3k[at]virginia.edu>.
Confirm Pending Email Here. <hxxp://most-beautiful-woman.ru?email=mst3k[at]virginia.edu>
virginia.edu will not be responsible for any loss of email if above action is not taken.
Your best mail service.
virginia.edu Undelivered Mails.
To stop receiving this email, Subcribe Now<hxxp://most-beautiful-woman.ru/newsletters/unsubscribe/>
[Posted: Jul 29, 2019 8:36 AM]
From: VIRGINIA.EDU<hxxp://VIRGINIA.EDU> ACCOUNT TEAM <account-security-noreply[at]accountprotection.microsoft.com<mailto:account-security-noreply[at]accountprotection.microsoft.com>>
Date: July 29, 2019 at 5:32:52 AM EDT
Subject: Blocked Incoming Messages | Email configuration settings for [ DR4U[at]VIRGINIA.EDU<mailto:DR4U[at]VIRGINIA.EDU> ]
Blocked Incoming Messages
The following messages have been blocked by your administrator due to validation error.
You have been 10 new messages in your email quarantine. Date: 24/07/2018 01:22:00 -0800 (CDT) User: mst3k[at]VIRGINIA.EDU<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
Click On Release, to Release these message(s) to your inbox folder: Deliver Messages<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
Recipient: Subject: Date:
Release<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU> mst3k[at]VIRGINIA.EDU<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU> Fwd: MT 103 SWIFT from INFO@.... [ANZ]<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU> 24/07/2019
Deliver all messages (10)<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
Note: This message was sent by the system for notification only. Please do not reply
If this message lands in your spam folder, please move it to your inbox folder for proper interagtion: Click Here<hxxps://sqlsistema.com.br/wp-admin/includes/Up2019/update/index.php?email=mst3k[at]VIRGINIA.EDU>
[Posted: Jul 29, 2019 8:32 AM]
URGENT MICROSOFT NOTIFICATION
10 of your incoming messages has been suspended now because your email box account needs to be verified now. Do verify<hxxps://omoruyi7795.wixsite.com/mysite/> your email box account now to receive these messages that has been suspended.
Microsoft Verification Team
Microsoft © 2019 Webmail .Inc . All rights reserved.
[Posted: Jul 26, 2019 3:48 PM]
[Posted: Jul 23, 2019 11:37 AM]
From: International Monetary Fund.(IMF) <info[at] imf.gov>
Sent: Monday, July 22, 2019 12:41 PM
Subject: Re: HELLO.I WAIT YOUR REPLY.
International Monetary Fund.(IMF)
Address:700 19th St NW, Washington,
DC 20431,United States
My name is Ms. Christine Lagarde and I work with the International Monetary Fund (IMF), I am writing you to let you know that finally your ATM Card worth $6,000,000.00 USD has been delivered through FEDEX to Mr. Peter Perry for activation, who works with the IMF where it is going to be activated before final delivery to your home address. You can use the tracking number with the tracking site below to track the ATM Card to be sure it has been delivered to Mr. Peter Perry for activation.
Delivery Company: Fedex Courier Company
Tracking Number: 774909134450
Tracking Site: hxxps://xxx.fedex.com/en-us/home.html
You are simply advice to contact our Claim Agent Mr.Jay Walter (j1m485uk[at] gmail.com<mailto:j1m485uk[at] gmail.com>) with the below details as stated.?
Contact him with your data as stated below:
1. Your Full Name.........................
2. Your Full Address Where You Want the Courier Company to Send Your Funds.
3. Your Age...................................
5. Cell/Telephone Numbers...............
Note: The only fee you are to send for the activation of your ATM Card is just $150 USD. So make sure you don't send him more than $150 USD. Your card is already with him and you can track it with the tracking details given to you above for confirmation.
Ms. Christine Lagarde
International Monetary Fund (IMF)
[Posted: Jul 22, 2019 12:56 PM]
From: MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at]synacor.com <MicrosoftExchange39758e0958460715bc36ab6ce41109eerror329e71ec88ae4615bbc36ab6ce41109eerror329ee71ec885bbc371ec88ae4615bbc736ab6c38e4109eerr19or329e71ec88[at]synacor.com>
Sent: Tuesday, July 23, 2019 7:08 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Unаblе-to-dеlivеr-mеssаgе Monday, July 22, 2019
Message from Trusted server.
YOU HAVE 7 UNDELIVERED/PENDING MESSAGES
Dear : user[at]virginia.edu<mailto:user[at]virginia.edu>
Outlook has prevented the delivery of 7 new emails to your inbox
as of Tuesday, July 23, 2019 4:07:58 AM because sync of messages failed due error in mail server
You can review this here and choose what happens to them
Rеаd mеssаgе <hxxps://6543exc345678.azureedge.net/tracy#user[at]virginia.edu>
2019 Microsoft Corporation. All rights reserved. |Acceptable Use Policy | Privacy Notice
[Posted: Jul 22, 2019 10:53 AM]
From: Finance Department <ceo18b[at]my.fsu.edu>
Sent: Monday, July 22, 2019 10:41 AM
To: User, Typical (mst3k) <mst3k[at]virginia.edu>
Subject: Finance Department
You have (2) new notification from the finance department.
Log into your account to view<hxxps://u11790818.ct.sendgrid.net/wf/click?upn=qoxIutW94jZycrnAT68wC5JDDeTYSss6fWiEoeiLXHGlyLhKiUqa4MbDpxDtJUcmpKSoPGYsEbL7P8CLmwY9PA-3D-3D_9HQ4RaHS3q1WqjdxtBdInPY2Mf0XFnOhTpWGQFOFATikXH7XJuLwNQH5Ao5zRzSRN8YKWejDit-2FuaTcbIG5tRD-2BX4Nb5WqCmJHAwjsUuRB5AjZ07OOSKkcBI9-2B-2BLBBfZ3jBMippVzeGoOPTJ-2F3-2FGHpeHCoUPxq56C3sa7vlxbi-2BMGyskMV-2BrvUj6QdXLELlpuu0DT3JskGt-2BVPebp-2FpBdj1ad5tWQ8NL9worgqlbi4hfNcOxkYT7pQfTEZnLf-2BMGvubX9A-2BQ5EOekqQi4-2FwbaXTxTkSxMAQQw1pOnMsoP1QZAQ05sBDDSTrvdEoF2VXHDBCukgWyKD8b-2FxE-2FbM9pv4-2FFiA7EVViPzpoVjDMgeAY6EOPiQ4b-2BVi4kL9sXzvSurRI2ibNEJl9VYepr5u5Lp-2BqwX8474ThD9g2R7URZg-2Fjyj6zRYgLP4-2FDyFQlfdFT90P4A83ivNCY2t-2BP4SGx3IiEpWGj3-2FMD1suT4d50fYYa1SYeXBHuhLkSqDA-2Ffji48jZkjwsxXv73RTwYJtirkJkaU9kgPXj8D2ttS5rbjOTSq9ZHT0vyuB-2FPPbD8G4IoePAU1zArMKKdU-2BV4FquFl2AHn-2BVpRjw4vyUd0p5M4W4Q-3D>
8301 Saint James Court, Tampa, Fl, 32647, Hillsborough, Tampa, FL 32647
Unsubscribe<hxxps://u11790818.ct.sendgrid.net/asm/unsubscribe/?user_id=11790818&data=aNNftaaHvrhgbMhPXh8u9DoAi3JOtAVYMFo0hmCRPJkO9WxEk5Nv44FrSdh_KWtnmMTdvy4e5rOf9_kCNXODNoJ_ZoPwGaTq_K6O37C1NvwreAT_a01ei_KwsPPYIb3Gxqb6gcQLq3AjAg5cstxbTxrC0fuOawiLBz19vF280airtmbK9p6SonX1Ifc_YXDgG47QQXgoP2ttk_yQAZZER13Ck4MKTcnRBTvOOmsjUaiL8sNozOVH6Pf5QUm9Dy0xQBZVAu3B8r27ZF3scPmohWX_pu19FHc24i8Pi5v7mqumiEKk5sAQlEZe7gZ3bF5SGmKILllsnZVxX9IA0JFBoga-vj0Or8Rp0wgj4TavQJMW7w4DFo1UKge52AYuVpK_PiwBDnaZ3BvFKoOzIPuNULnodChwFMhJ6fSs1up7UV30nrb3qPJjPrDZegVyB0vl6-Qnd9EiRQBvcXee4nuw277l6uQKSfJSnM54_OioeVW-V-y8kWphSwrWf4VidqCYZlmWmwur_X8YSAlfwg_rjhbMiMMfG112Pk3D4Sqb6x7lmW9meA1M_lEsnbElrbGnUll0EA7SWnqjzcM1z-tn0wtQJBxAUbm4kFDaSqRZfujxheSJykli0K9gqDIWdjJw9ktbvQJvfdL-MqNmW7WUzOpVhMFCmNOol128saCN9qVeE75wBUfQrvTy_VFYuHirZdH5ci72IUEL71i2UALT709vEd5EvUkGrKeBhe14nm4Kafn5h3NnDVo7wniS-zyZ> - Unsubscribe Preferences<hxxps://u11790818.ct.sendgrid.net/asm/?user_id=11790818&data=Jnxx4Elv6mud_UuUm47gFp1m-d8hSvqk3TBeuiToVRWtFg2hrTeb2rpe85Tuq8j2dlhoAgU9w-WW6cgSLgORgvDmOneDef2r-KaJ3Ls-Nf_jSpaNb2EEtee4P7mEHYgV2Q9c4hhkDRuzeKhFYT4shj0u5-3pHT7F3eV2G_tow6XBTI9zbe1r0tE4bTK8AXNnIfpIClj7LmRASqG815Lq6K6xs571aDBQ0Qsml3Jmu63tq6Ow2VQ0MWEeqIh13aDotJkgEnGMAtSE5_d5JEzAMbRYbYFdtE7hMWey6WxRW_ywAiXy9PN-H_5DeSWRzFXvTAm7f6zqqM-pLaDz92ku3UWIVzNBfuPZeblEzcG9z9DNnrRA_SqpXMabHEWNmHtJgK_zDmEa6976rZvO1KAnu3F_EZoI5_cEqVQd-JG2pTnzzKUpb8FNIMIZGIUDyFOSF8zrAst6ftvf8Qq7cjMp6e8lvG9LHmBd3N9qZ50pgD2eLAG8lJljdacs-8txOf7U6y_YfNA5no7hdzunCQGgOcnM927y3bpAsYm93A6I87_YT70Cca6MiHbwYh4Nvj4O2HP8LUVf1pV5DMpCSBcmWmCFLyvRg6YjByapiw5X9yULgOLIOJqVjXqUwfmAvVYBB86uZUFAV7OKSQFmR5jBYLzwy0qtWVIPqFDNvL8Y2DuCeDlVBiYHiVBWs_IG82jV4GK4tGAOC2n7d0MIt-3WHxwN-DmZ4Fg9ZzyjEtiGFLX8RsxotpBfCNoNSOkR3JiT>
[Posted: Jul 22, 2019 8:32 AM]
From: Mail Admin <no-reply[at]mailadmin.com>
Sent: Monday, July 22, 2019 1:05 AM
To: User, Typical S (gmm3u) <mst3k[at]virginia.edu>
Subject: mst3k[at]virginia.edu incoming mails Maintenance pending(7) update
Due to subsequent verification failure on your account, your mailbox has been suspended due to mail policy,
PLEASE CONFIRM HERE<hxxp://kingdom.szczecin.pl/wp-content/Security/upgrade/?email=mst3k[at]virginia.edu> to continue usage.
Note: Failure to COMFIRM will lead to termination of your mailbox account.
© 2019 mail All rights reserved. NMLSR ID 8018752
[Posted: Jul 19, 2019 10:52 AM]
From: virginia.edu<hxxp://virginia.edu> <noreply[at]noreply.com<mailto:noreply[at]noreply.com>>
Date: July 19, 2019 at 4:18:32 AM EDT
Subject: Our Server has prevented the delivery of 8 new emails to your inbox
Our Server has prevented the delivery of 8 new emails to your inbox as of 7/19/2019 6:49:24 p.m.. because it identified these messages as spam. You can review these and choose what happens to them so as not to miss out on important messages. You can also get more information about quarantined messages by going to the Security and Compliance Portal.
Emails will be deleted automatically after 7 days.
[Posted: Jul 19, 2019 10:16 AM]
From: Eduard Khudainatov [mailto:aneftegazxoldingy[at]yandex.com]
Sent: Friday, July 19, 2019 4:09 AM
Subject: SOFT OFFER
Dear Sir / Madam,
I am very pleased to come across your esteemed company and so decided to contact you to see if you will find this Interesting. I am a mandate to big Russian refinery here in the Federation of Russia and I would like to bring you this good offer. Attached here is seller's offer for your review and if interested, kindly get back to me for immediate proceedings.
[Posted: Jul 15, 2019 8:30 AM]
From: University of Virginia <webmailaccountupgrade8[at]virginmedia.com>
Sent: Monday, July 15, 2019 8:13 AM
Subject: UVA: Email Account Verification Alerts!
Dear UVA User:
Your University of Virginia E-mail Account is due for upgrade.
Kindly upgrade immediately to avoid E-mail Account suspension or shut down.
Click Here To Upgrade Now<hxxp://hawking.ismb.it/sites/default/files/languages/index.php>
Note-: Please kindly upgrade your University of Virginia E-mail Account immediately, failure to do so will lead to account suspension.
| UVA. ICT Department...
© 2019 University of Virginia.
[Posted: Jul 12, 2019 11:13 AM]
[Posted: Jul 9, 2019 3:41 PM]
From: User, Typical firstname.lastname@example.org <email@example.com> On Behalf Of Sales Manager
Sent: Tuesday, July 9, 2019 2:47 PM
To whom it may concern.
Kindly correct the attached invoice and send back for payment asap.
[Posted: Jul 9, 2019 9:25 AM]
Online virus scanner
Your email requires immediate scanning for virus . Kindly be informed that ignoring to scan your system within the next 72
hours might lead to losing ofÂ your important files and messages.
Click below to complete scanning and update your Email now to avoid losing your important files and messages.
Complete scan >> >> [hxxp://coolmax.co.in/owner/js/pages/?e=mst3k[at]virginia.edu]
Copyright 2019 Inc
[Posted: Jul 8, 2019 12:14 PM]
From: Kelly, Robert G (rgk6y) <rgk6y[at]virginia.edu>
Sent: Monday, July 8, 2019 11:08 AM
Subject: I am sharing 'INVOICE0929.pdf' with you from SharePoint
Robert G.Kelly shared a secure PDF file with you via Microsoft Share Point
Your report is in PDF format, click here to view<hxxps://storage.googleapis.com/asharepoint-marcelled-857782409/index.html>.
Please Note: This document has been scanned against phishing /virus.
Robert G. Kelly FES FNACE
Editor, The Electrochemical Society Interface
Current Issue: xxtp://interface.ecsdl.org/content/current
AT&T Professor of Engineering
MSE Department Associate Chair for Finance
Dept. of Materials Science and Engineering
University of Virginia
Wilsdorf Hall, Rm 328
395 McCormick Rd
P. O. Box 400745
Charlottesville, VA 22904-4745
(434) 555-5783<tel:%28434%29%20982-5783> (W)
(434) 555-5799<tel:%28434%29%20982-5799> (fax)
On behalf of the Australian Corrosion Association:
[Posted: Jul 2, 2019 12:55 PM]
From: VIRGINIA WEBMASTER <enquiry[at]office3696.com>
Date: Tuesday, July 2, 2019 at 12:50 PM
Subject: Important Update
You have an update from Virginia Webmaster Click here<hxxp://mailckdm.com/central/authorization/server/> to read.
Report an Information
Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.