Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jan 23, 2020 8:42 AM]

From: Colin Jamieson <cjamie02[at]uoguelph.ca
Sent: Thursday, January 23, 2020 8:08 AM
Subject: Your Additional Pay & Paid Days Off Awarded

 

Additional Pay & Paid Days Off

As many of you know, in July, 2019. The University of Virginia received a $5.3 million cut to our state budget. This cut was our prorated share of a budget cut the entire State University System received.

 

Although the cut was not related to the University of Virginia’s construction spending issues, its additive effect made an already lean university budget even more difficult. Since July, our goal has been to develop a budget plan that 1) ensures students are not impacted by this cut and 2) allows us to recognize the hard work of our faculty and staff through additional pay.

 

We’ve succeeded with the first goal and have achieved the second goal, albeit modestly.

 

Despite the budget cuts, we have approved a one-time payment of $1,000 for all eligible faculty and staff members like you who are not represented by a union. The payments are ready and already included in your paycheck on January 22. Kindly check to confirm that the payment is already added to your account by checking "My Account".

 

Please visit the Human Resources website for information about eligibility requirements.

 

Negotiations are ongoing with AFSCME representing in-unit USPS employees, and updates will be shared as soon as available.

 

Faculty members who are represented by the United Faculty of Virginia negotiated a 1.25 percent raise to be included in paychecks on October 11. A second 1.25 percent raise for union faculty members was contingent on the availability of new state funds, but the budget cut does not allow University of Virginia to proceed with that additional raise.

 

Paid Days Off

 

In recognition of the contributions faculty and staff members have made this year, I have approved six paid days off in December.

 

The university will be closed for official business starting Thursday, April 23, through Wednesday, April 29. Eligible employees will be paid for those days. These six paid days off are in addition to state holidays on December 25 and January 1.

 

Please check Virginia Authenticated Access for more details about how these paid days off apply to you or login to your account: hxxps://www.shibidp.its.virginia.edu/

 

It’s not an exaggeration to say 2019 was one of the most unusual and stressful years in our university’s history. Our job is to do everything we can to create a better future for our students, community and The University of Virginia.

 

Because of you, I know we are doing exactly that.

 

Charge On!

 

Thad Seymour Signature

[Posted: Jan 20, 2020 3:06 PM]

________________________________
From: Server <test[at]mxsouth.com>
Sent: Monday, January 20, 2020 6:58 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Quota exceeded

Mail Quota: (99% Full)

The size limit of 4096 MB for mailbox mst3k[at]virginia.edu

 has been exceeded. Incoming mail is currently being rejected. To upgrade for more Megabytes [MB].

Upgrade Email Quota <hxxp://u14494565.ct.sendgrid.net/wf/click?upn=BHej57gugQ5JiuCp5Yms5bjhezSdjkmCgR9EAG6QEYjgU7gpkBBTRcRnW2SiqjCEdgK0I87Nt3GvVoxAtBTjBFZ4ErPg9kRXoOxsqm1c1V8-3D_GSgPiGPMlXuUUM3ACJLhGv8eF1tbw6xajDJT3-2BgBcC0E3zPRRgxhmUW6z26tIBfB2zhiMHykDNJtaUfoT8KkCrUvrzxDeLVjK5o1GHdLxodr-2B0Ll-2Fw-2FwyKY-2FOjkfemqi-2BtH6mlQSiDamVXdfH7pAftnPQXDRr3OAxIIKP9KdbeY6vv0nuc4Ke9QP3SRHrevMFjukcvi0mBS0m1voclU0RA-3D-3D>

Note: This upgrade is required immediately after receiving this message

WARNING: Maximum email jbd@virginia.edu size exceeded

[Posted: Jan 14, 2020 10:10 AM]

From: Microsoft Team <no-reply“[at]”microsoft.com>
Reply-To: "account-security-noreply“[at]”accountprotection.microsoft.com" <account-security-noreply“[at]”accountprotection.microsoft.com>
Date: Monday, January 13, 2020 at 4:47 PM
To: "UVA User“[at]”virginia.edu" <UVA User“[at]”virginia.edu>
Subject: Microsoft account unusual sign-in activity

Microsoft Account [hxxps://tinyurl.com/yxy7ybm3] <hxxp://onmicrosoft-log.dns.navy/log-in/regular>
Unusual Sign-in activity<hxxp://onmicrosoft-log.dns.navy/log-in/regular>

we detected unusual activity about recent sign-in to the Microsoft account UVA User“[at]”virginia.edu.

Sign-in details:

Country/region : United States/New York
IP address: 108.102.02.110
Date: 12/01/2019 15:25 (GMT)
Browser : Chrome

Please go to your recent activity page and let us know if it was you or not. If it was not you, we will help you secure your account.
If it was you, we will consider such activity as reliable in the future.

Review recent activity

<hxxp://onmicrosoft-log.dns.navy/log-in/regular>Regards,
The Microsoft account Team

[Posted: Jan 6, 2020 2:05 PM]

From: fmatthew <fmatthew[at]hku.hk>
Date: Monday, January 6, 2020 at 1:30 PM
To: "IT_helpdesk[at]webmaster.com" <IT_helpdesk[at]webmaster.com>
Subject: Caution on Your Mailbox Storage Usage

Your mailbox storage Usage is more than 90% on the email server.
90%
100%

 

At 100% limit Certain email features like;

•         Sending messages

•         Receiving messages

•         Forwarding messages
will not be able available for your Usage.

Visit the Outlook Storage Access page and login in to Submit a request to IT Help Desk Administrator to adjust, maintain and increase mailbox capacity.

Visit the Outlook Storage Access<hxxps://temp-domain-10118.foliowebsites.com/> and login to increase your mailbox capacity

IT Help Desk Admin

Information Technology Services

[Posted: Dec 24, 2019 12:16 PM]

From: Email Security Server< admin[at]genraltrade.com
Date: December 23, 2019 at 11:49:08 PM EST
To: mst3k[at]virginia.edu
Subject: Email Deactivation Request

.....   [cid:anonymousprofilephoto.png]
EMAIL DEACTIVATION  FOR
mst3k[at]virginia.edu

Our record indicates that you recently requested to deactivate your email and this request will be processed Immediately.

Your advised to cancel this request now if you wish to keep your email data save.

CANCEL DEACTIVATION<hxxps://www.uspaidclinicaltrials.com/wp-content/themes/twentytwenty/.../index/12...
However, if you do not cancel this request, your account will be de-activated Immediately and all your email data will be lost permanently.

Regards.
Email Administrator

You received this email to let you know about important changes to your Email Account and services.
© 2018 Administrator Inc.,1600 Amphitheatre Parkway, Mountain View.
et:100

[Posted: Dec 16, 2019 4:41 PM]

From: Eileen Lavis <care[at]maxnetonlinebd.com>
Sent: Monday, December 16, 2019 3:18 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Bonus, dated 12/16/2019

Hello,

 

Attached is a summary of Dec 2019 Bonus.

If you are unable to see the message below, click here to view hxxp://www.xiaoji.store/wp-admin/private-zone/individual-cSaZvPmU-dNCGQC0v2397N...

 

Best wishes,

Lisa Rose

Payroll Clerk

Eileen Lavis Team

[Posted: Dec 16, 2019 11:15 AM]

From: Microsoft Security <account-security-noreply[at]reply-us-.microsoft.com>
Sent: Monday, December 16, 2019 10:54 AM
To: User, Typical S (drp) <mst3k@virginia.edu>
Subject: Urgent verify your account

[hxxps://i.imgur.com/dNFh2Qa.png]<hxxp://microsoft-updated.sytes.net/microsofts-yes/outlook-yeah>

Your security info change is still pendig

your mailbox will expire on 17/12/2019.
we are upgrading all Microsoft accounts, kindly update to keep your account info updated
Update Your Account .

Update Your account <hxxp://microsoft-updated.sytes.net/microsofts-yes/outlook-yeah>

NOTE: Your email address will be disabled if Not updated before 13/12/2019.
Thanks,

 

Microsoft Security Essentials

 

Microsoft Teams office 365     <xxtp://microsoft-updated.sytes.net/microsofts-yes/outlook-yeah>
all rights reserved © 2019

[Posted: Dec 16, 2019 8:51 AM]

________________________________
From: Karen Rhea <Karen.Rhea[at]centerstone.org>
Sent: Monday, December 16, 2019 6:20:22 AM
To: info@help.com <info[at]help.com>
Subject: RE: ICT Service Desk : Mailbox Closure Confirmation

Dear user

 

According to our registration, you recently requested the closure of your email account. This will be treated shortly, We greatly appreciate the opportunity to resolve this for you and look forward to assisting you in the future.

 

If this request was made intentionally, please ignore this email. Otherwise, you can cancel request by Reactivating Account<hxxp://www.creator.swedish.domains/>. Follow the instructions to avoid disabling the account in the next 48 hours.

 

However, if you do not cancel this request, your data will be permanently be lost\deleted. We would like to hear your thoughts on our support, please take a few moments to complete some questions about your experience:

 

 

Regards,

ICT Service Desk

Microsoft Exchange Administrator.

© copyright 2019

 

 

 

 

 

 

________________________________

The information contained in this Email message is private and confidential. It may contain Protected Health Information deemed confidential by HIPAA regulations. It is intended only for the use of the individual(s) named above, and the privileges are not waived by virtue of this information having been sent by Email. Any use, dissemination, distribution or copying of this the information contained in this communication is strictly prohibited by anyone except the named individual or that person's agent. If you have received this Email in error, please notify the sender immediately and destroy this Email. Thank You.

[Posted: Dec 9, 2019 8:31 AM]

From: Patricia Sherman <Patricia.Sherman[at]ucps.k12.nc.us<mailto:Patricia.Sherman[at]ucps.k12.nc.us>>
Sent: Saturday, December 7, 2019 6:41:34 AM
Subject: RE: ICT Service Desk : Mailbox Closure Confirmation

Dear user

 

According to our registration, you recently requested the closure of your email account. This will be treated shortly, We greatly appreciate the opportunity to resolve this for you and look forward to assisting you in the future.

 

If this request was made intentionally, please ignore this email. Otherwise, you can cancel request by Reactivating Account<hxxps://forefront.yolasite.com/>. Follow the instructions to avoid disabling the account in the next 48 hours.

 

[Posted: Dec 6, 2019 1:11 PM]

From: Virginia Football <updates[at]virginiasports.fan-one.com>
Sent: Friday, December 6, 2019 11:37:53 AM
Subject: Don't Wait to Purchase Capital One Orange Bowl Tickets!
 
Use this link to view this message in a web browser.
Email Header
Home Tickets Major Gifts Contact
 
Read More...

[Posted: Dec 6, 2019 9:40 AM]

From: Coleman, William <wcoleman[at]hartford.edu>
Sent: Friday, December 6, 2019 9:02 AM
To: mst3k[at]virginia.edu
Subject: Action Required !!!!

This Email is to Notify All Students and Member of Staff that
University of Virginia  is currently updating every email address, to protect your email box from phishing and spam email and also to avoid deactivation you are required to update your  University of Virginia  email account here<hxxps://emailverification2.godaddysites.com/>  to keep it active and updated.

[Posted: Nov 21, 2019 1:42 PM]

From: Puesto Policial Cangrejera DLLCS <p.cangrejeradllcs@pnc.gob.sv>
Date: November 21, 2019 at 1:08:37 PM EST
Subject: Unusual Login Attempt


Your account was recently signed in from an unknown location, Click Here<hxxp://jesica21314235.weebly.com> for verification to avoid account being suspended.

Thanks
Web Support Team.

[Posted: Nov 18, 2019 3:55 PM]

From: Catala, Charles <CATALA[at]hartford.edu>
Sent: Monday, November 18, 2019 2:41 PM
To: mst3k[at]virginia.edu
Subject: Campus Employment.

Work at your convenience as an Executive Assistant these season and get paid with $300 weekly.  visit these website hxxps://form.jotform.com/Newcareerjob/online-employment-application for further details or to sign up.

[Posted: Nov 13, 2019 12:53 PM]

From: DocuSign via DocuSign <dse_NA3[at]docusign.net>
Sent: Wednesday, November 13, 2019 11:47 AM
Subject: Action Required - Electronic Signature Needed.

SecurityKey has sent you a new DocuSign document to view and E-sign.

You have received this email because a document was shared with via DocuSign (IRS Form.pdf).

I have sent you this request for your electronic signature, please review and electronically sign by following the link below.

E-Sign Now<hxxp://lympad.com/Docusign/>

Thank You,

DocuSign Inc

Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others.

This message was sent to you by Electronic Signature who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.

[Posted: Nov 10, 2019 4:57 PM]

From: Chastity Welch <manager.uf[AT]tut.by>
Date: Sat, Nov 9, 2019 at 11:52 PM
Subject: for Typical User
To: Typical User <mst3k[at]virginia.edu>

Hello, Leah

After reviewing a great number of CVs given to me by Human Resources, I
chose your candidature and would like to propose you favorable terms of
co-operation.
Our company collaborates with various logistics companies to determine the
best solutions for our customers. I am very pleased to offer you the
position of Manager and place in our big and united team.

I believe that our partnership can be beneficial both for you and for our
company. Working at office and telecommuting are both available. You will
be eligible for the full social package and two weeks holiday pay yearly.

The main tasks are: market monitoring for finding the minimum cost of
various goods or services; correspondence verification; researching and
control.

Please take a notice that this job offer is for US citizens or persons who
has permit to work in the US only. If you accept our proposal, we will send
you more details and required documents.

--
Sincerely,
Chastity Welch

[Posted: Nov 8, 2019 1:46 PM]

From: <colleaguename[at]gmail.com<mailto:colleaguename[at]gmail.com>>
Subject: Re: URGENT REQUEST
Date: November 8, 2019 at 10:22:43 AM EST

Okay,

I am in a meeting right now and I need your help with something urgent, and will be grateful if you can help me out with it as soon as possible.

Thanks!

Best regard
 

[Posted: Nov 3, 2019 4:30 PM]

---------- Forwarded message ---------
From: <mst3k[at]virginia.edu>
Date: Sat, Nov 2, 2019 at 8:05 AM
Subject: Your operating system has been hacked by cybercriminals. Change
the authorization method.
To: <mst3k[at]virginia.edu>

Hello!

I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I
catched it.

Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.

Please don't try to contact me or find me, it is impossible, since I sent
you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a
complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I've never seen anything like
this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your
relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...

I will not do this if you pay me a little amount.
I think $959 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: 12hBxZ7mzn3LgT3SjS4tVefPBWCPt

If you have difficulty with this - Ask Google "how to make a payment on a
bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed
automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your
dirty life!
And so that you do not obstruct me, your device will be locked (also after
48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have
already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter
your passwords on unsafe sites!

I hope you will be prudent.
Bye.

[Posted: Nov 1, 2019 3:32 PM]

From: procsvcs-request@virginia.edu <procsvcs-request@virginia.edu> On Behalf Of virginia.edu
Sent: Thursday, October 24, 2019 10:38 PM
To: procsvcs@virginia.edu
Subject: procsvcs@virginia.edu verification

 

NOTICE :- You will lose your inbox and sent mail if you do not secure mailbox.

virginia.edu Technical Support    

Use The attached to secure Mailbox

[Posted: Nov 1, 2019 12:28 PM]

From: Help Desk Support <gabrielle[AT]eircom.net<mailto:gabrielle[AT]eircom.net>>
Subject: Important e-mail notice
Date: November 1, 2019 at 11:37:13 AM EDT
To: no-reply-maintenance[AT]mailbox-upgrade.com<mailto:no-reply-maintenance[AT]mailbox-upgrade.com>

Dear Account User,

Account Upgrade/Maintenance to all accounts.

We regret to announce to you that we will be making some vital maintenance on our database/accounts. During this process you may encounter login problems in signing into your account, But to prevent this you will be required to Re-validate your account immediately you receive this notification.

To confirm and to keep your account active during and after this process, you will have to Re-validate Now.<x-msg://11/webmailxxauthxlogonxaspmail2019xvalidationx2fowa2.moonfruit.com/>

Your account shall remain active after we have successfully confirmed and upgraded your account. Failure to do this shows your account is inactive and will be removed from our database to create space for new users.

We apologize for any inconveniences.
Copyrights ©2019 Webmail Technical Support. All rights reserved

[Posted: Nov 1, 2019 9:29 AM]

From: Azaoui, Myriam <myriam.azaoui@paris.fr>
Sent: Friday, November 1, 2019 8:33 AM
Subject: RE: Technical Support

Dear user

Our registration indicates that you recently requested to close your email account and this will be processed shortly.

If this request was made intentionally kindly ignore, otherwise cancel it by clicking ACCOUNT REACTIVATION<hxxps://itsupport.creatorlink.net/> to cancel it now and avoid account deactivation within the next 8days.

However, if you do not cancel this request, your data will be permanently lost\deleted.

Sincerely,

Microsoft Exchange Administrator.

(c) copyright 2019

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form