Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Apr 1, 2020 11:51 AM]

From: "virginia.edu" <account-security-noreply[at]accountprotection.microsoft.com>
Date: Wednesday, April 1, 2020 at 11:37 AM
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: ACCOUNT SHUTDOWN NOTIFICATION

Account Shutdown Notification 

 

 

 

Your account will be suspended in next two days to keep your account, kindly

Click below and follow the instructions to retain your email account  .
 Click here to keep your account safe!

 

If you fail to verify your account within 48hrs, your email will be shutdown

You received this email to let you know about important changes to your Account and services.

virginia.edu © 2020

[Posted: Mar 31, 2020 8:13 AM]

From: DeCoste, Colleen <cdecoste[at]babson.edu>
Sent: Tuesday, March 31, 2020 6:15 AM
Subject: Notice! : from Information Technology Service
 

Your mailbox storage has reached 95% on the email server.

95%

100%

 

 

At 100% limit, Certain email features like;

·Sending messages

·Receiving messages

·Forwarding messages

will not be available for your utilization.

 

Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage.

 

DeCoste,colleen

Help Desk Admin

Information Technology Service

[Posted: Mar 26, 2020 3:01 PM]

From: Host Domain <vailoa.iefat[at]mnre.gov.ws>
Sent: Thursday, March 26, 2020 2:14 PM
To: mst3k[at]virginia.edu
Subject: ***mst3k[at]virginia.edu*** URGENT ATTENTION NEEDED

Hello

New "11"  incoming e-mail(s) is Blocked in your portal
verify with link below to sort and retrieve the important e-mails.

 Click To Retrieve Your E-mails ([email protected])<hxxp  hafcointernational.com/.ksdfihdd/>

All Messages will be deleted if not verify within 24 hours.

Regards,
Email Admin Team.

(c) 2005 - 2020 Administrator. All Rights Reserved.

[Posted: Mar 26, 2020 2:15 PM]

 

From: Professor at UVA  <[email protected]>
Date: Wednesday, March 25, 2020 at 11:27 AM
To: "Typical User (mst3k)" <[email protected]>
Subject: Quick Request
 
Send me your available text number that I can reach you on—
[The Professor’s signature]

The recipient (Typical User) replied:

to this email with their mobile phone number.
(NOTE:  Typical user's reply went to [email protected] – NOT to the actual professor’s @virginia.edu )  

The scammer then sent them this text:

Graphic of mobile phone text screen

Note that the “Typical User” (in green) asks if the person text them (who is allegedly the professor that “Typical User” knows) has gotten a new phone number because they don’t recognize it.

At this point, Typical User was suspicious and contacted the professor they knew at the phone number they had for them and found it they had not emailed or texted them. 

This was an attempt at a gift card scam!

[Posted: Mar 26, 2020 8:59 AM]

From: EMAIL HOST ADMIN <[email protected]>
Sent: Thursday, March 26, 2020 3:32 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: YOUR EMAIL (mst3k]at]virginia.edu) WILL BE SHUTDOWN SHORTLY

Dear mst3k[at]virginia.edu,

Our record indicates that you recently performed a request to shut down your e-mail ( mst3k[at]virginia.edu)  and this request will be processed shortly. If this request was made by error and you do not know about it, we recommend that you cancel it now to avoid loosing your email account.

Cancel deactivation<hxxps cadabams.org/web-verify/roundcube/?email=mst3k[at]virginia.edu>

However, if you do not cancel this request, your account will be closed and all the data in your email will be lost forever.

Regards,

Management Team.

[Posted: Mar 24, 2020 3:30 PM]

Gift card scam emails usually begin with a very brief email that appears to come from somebody you think is important, such as an associate dean, department chair, or your supervisor. 
It asks if you can do them a favor  or give "urgent help".   

If you think the email is a scam - DO NOT RESPOND - forward it to [email protected] for verification.
NO ONE AT UVA SHOULD ASK YOU TO BUY GIFT CARDS IN AN EMAIL MESSAGE.

What follows is an actual gift card scam email sequence to help you spot when you might be the target! 

The initial email:

Date: Friday, March 20, 2020 at 9:38 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject:  Urgent!

Available?

<Actual Supervisor’s Signature>
----------------

To which the employee then replies:

Date: Friday, March 20, 2020 at 10:32 AM
From:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject:  Re: Urgent!

Yes, I'm available to talk.

<Typical User’s Signature>
-----------------

To which the scammer then replies:

Note: Clues that the email might be a phishing / scam email are in bold italics:

Date: Fri, Mar 20, 2020 at 10:35 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!

I’m in a conference right now, can’t talk on phone.I want you to complete a task for me urgently, Let me know if you’ll be able to get it done ASAP.

Thanks!

<Actual Supervisor’s  Signature>
-----------------

To which the employee replies to the scammer's email:

Date: Friday, March 6, 2020  at 10:46 AM
From:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re[2]: Urgent!

Okay. I can certainly try depending on the nature of the request. I've got a short window this morning before my first (doc) appt. What would you like for me to assist you with?

<Typical User’s Signature>
-----------------

The scammer replies with their request.

Note the sense of urgency and the unnatural sentence construction.
Date: On Fri, Mar 6, 2020 at 10:52 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!

Here is what you need to do for me quick, I need iTunes gift cards, can you get some at the store right now? I will reimburse you as soon as I’m out of the meeting with any inconveniences.Let me know to advise on denominations to purchase.

Thanks!

<Actual Supervisor’s  Signature>
-----------------

Wanting to be helpful, the employee replies to the scammer.  

Friday, March 20, 2020  at 10:57  AM
From:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

Okay, sure. I can run to the grocery store and pick them up before my appt.. I have a meeting on Grounds in my office at 3:00. I can bring them to you right before that meeting. Would that work for you? How many do you need and in what denominations?

<Typical User’s Signature>
-----------------

The scammer replies.

CLUE: Their reply ignores your suggestion to meet them (sometimes they will say they are to busy to meet you). 

Date:  Fri, Mar 20, 2020 at 10:59 AM
From: “Your Supervisor” <[email protected]>
To:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!

All I need you to get is five (5) cards for $100:00 each worth of iTunes gift cards. Scratch-off the bar code and Attach me a clear pictures of the cards showing the codes to me here and keep the hard copies safe with you for me.Hope this is clear ?

<Actual Supervisor’s  Signature>
-----------------

The employee replies to the scammer.  

Date: Fri, Mar 20, 2020 at 11:02 AM  
From:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

Okay. I'll go grab them from wegmans now . I'll send pics of the back of each card with the barcode showing.

<Typical User’s Signature>
-----------------

The employee sends the scammer the pictures of the gift cards they purchased with their own money.  

Date Fri, Mar 20, 2020 at 11:30 AM
From:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject: Cards attached

[cid:170b0bbeaac724a86834]
[cid:170b0bbeaabe0472823] 
[cid:170b0bbeaaca9be5e815]
[cid:170b0bbeaab45784a802]
[cid:170b0bbeaab2194e9881]

(The file names above are the five pictures of the gift cards the employee sent to the scammer.)

<Typical User’s Signature>
-----------------

The scammer thinks the employee didn’t do it right.  

Date: Fri, Mar 20, 2020 at 11:35 AM 
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re: Re: Urgent!

Scratch the bar code and send it here

<Actual Supervisor’s Signature>
-----------------

So, the employee replies to the scammer explaining why they did follow the scammer's directions.  

Date: Friday, March 20, 2020 at 11:37 AM
From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject: Re: Re: Urgent!

There is no scratchable barcode. The code at the bottom is the code. The person in the checkout line said this. And I don’t see anything on the card to scratch off

<Typical User’s Signature>
-----------------

The scammer, trying to help the employee, sends an example of what they wanted.

CLUE: If this person was really in a meeting and really busy, how/where did they have example pictures of  gift cards with the bar code scratched off?
And note the “interesting” grammar and sentence construction.  

Friday, March 20, 2020 at 11:38 AM
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re[3]: Re[2]: Urgent!

This am example

[Scammer includes a picture of a gift card with the barcode scratched off.]

<Actual Supervisor’s  Signature>
-----------------

The scammer really wants the employee to do it the way they're expecting.  

Date:  Fri, Mar 20, 2020 at 11:40 AM
From: “Your Supervisor” <[email protected]>
To: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Subject: Re[3]: Re[2]: Cards attached

Scratch the card the way it scratch in the picture I sent to you

<Actual Supervisor’s Signature>
-----------------

The employee starts a NEW message to their supervisor.

The new email automatically retrieves the supervisor’s actual UVA email address (not the fake one the scammer is using). 
The employee sends the pictures of the cards again and their real supervisor asks what's this all about, as they did not ask for gift cards.

From: “Typical User, (mst3k)” <mst3k[at]virginia.edu>
Date: March 20, 2020 at 11:51:59 AM
To:  <<Used the actual UVA email address of the supervisor >>
Subject: Cards with barcodes showing

Sending one more time, just in case

---------- Forwarded message ---------

Date Fri, Mar 20, 2020 at 11:30 AM
From:  “Typical User, (mst3k)” <mst3k[at]virginia.edu>
To: “Your Supervisor” <[email protected]>
Subject: Cards attached

[cid:170b0bbeaac724a86834]
[cid:170b0bbeaabe0472823] 
[cid:170b0bbeaaca9be5e815]
[cid:170b0bbeaab45784a802]
[cid:170b0bbeaab2194e9881]

(The file names above are the five pictures of the gift cards the employee sent to the scammer.)

<Typical User’s Signature>
-----------------

[Posted: Mar 23, 2020 5:36 PM]

From: Virginia Support <fetch[at]pasamam.de>
Sent: Monday, March 23, 2020 2:51 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Request created on 23 March, 2020 ref: #VZF5330960ZUSL
Importance: High

[logo]
HI Mst3k,

Due the request that you created ID: 08255.
We need to validate you as the ownerof this email mst***[at]virginia.edu<mailto:mst***[at]virginia.edu>.
This validation valid until 24 March, 2020.

СОNFIRM NОW<hxxps blog.djcatver.com/msdomain/Y2RzOWhAdmlyZ2luaWEuZWR1>

________________________________
Thіs еmаіl wаs sеnt tо mst***[at]virginia.edu<mailto:mst***[at]virginia.edu>.

[Posted: Mar 20, 2020 10:40 AM]

To Employee\Staff,

Take note of this important information an unusual activity has been noticed on your account,which might indicate that you might have been targeted by spammers . We advise that you verify your web-mail account immediately. A change of password is not necessarily required, as the ADMIN department is right on top of the situation. Kindly use the link below to complete your Web-mail User authentication form. CLICKHERE<hxxps infooutlookhelp44.creatorlink.net/>  to confirm your account immediately.

Thank you,
IT Support Desk.

[Posted: Mar 20, 2020 8:33 AM]

From: account-security-noreply[at]accountprotection.microsoft.com<mailto:account-security-noreply[at]accountprotection.microsoft.com>
Date: March 20, 2020 at 5:55:27 AM EDT
To: mst3k[at]virginia.edu<mailto:mst3k[at]virginia.edu>
Subject: Unusual Sign-in To Your Account

[Logo]
Unusual Signin<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>

We noticed something about a recent signin on Email.For example you might be signing from a new location device or add.To help keep you safe we039;ve blocked access to your new inbox messages contacts list and calendar for that signin

RESTORE ACCESS<hxxps firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k[at]virginia.edu>

 MICROSOFT
Copyright 2020. All rights Reserved

[Posted: Mar 19, 2020 10:52 AM]

From: Alford, Muriel K. <AlfordMK[at]email.laccd.edu>
Sent: Thursday, March 19, 2020 10:35 AM
Subject: Help Desk Team
 
   

Your mailbox storage has reached 95% on the email server.

95%

100%

 ​

 

At 100% limit, Certain email features like;

·         Sending messages
·         Receiving messages
·         Forwarding messages

 

will not be available for your utilization.

 

Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage and get more news on Corona virus research team.

 

Information Technology Service

[Posted: Mar 17, 2020 8:43 AM]

From: virginia.edu <minoth[at]networksgy.com>
Sent: Monday, March 16, 2020 8:40 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: Your Email Will be closed on 18th March.

                              Email Server Notification!

Dear sam8f

Due to recent upgrade on our server, you are required to validate your mst3k[at]virginia.edu account on our server urgently.
***Please note that if you fail to validate your account, your email will be considered dormant and will be deleted within 24hrs.

Validate your e-mail account now! <hxxps www.mseindia.org/blog/update/update/?email=mst3k[at]virginia.edu>

Our account validation process is simple and fast.
Thanks for letting us serve you better!

© 2020 virginia.edu

[Posted: Mar 16, 2020 10:50 AM]

From: Microsoft account team <account-accountprotection-us[at]accountprotection.microsoft.com>
Reply-To: "no-reply[at]microsoft.com" <no-reply[at]microsoft.com>
Date: Sunday, March 15, 2020 at 2:32 PM
To: "User, Typical S (mst3k)" <mst3k[at]virginia.edu>
Subject: Microsoft account unusual sign-in activity

[hxxp bit.do/fzRUp]<http://on-microsofts.ddns.net/security/activity>

Unusual Sign-in activity

<hxxp on-microsofts.ddns.net/security/activity>

We detected something unusual about a recent sign-in to the Microsoft account

Sign-in details

Country/region: United States
IP address: 173.45.80.58
Platform: Mac OS
Browser: Chrome

Please go to your recent activity page to let us know whether or not this was you. If this wasn't you, we'll help you to secure your account. If this was you, we'll trust similar activity in the future.

Review recent activity <hxxp on-microsofts.ddns.net/security/activity>

 

The Microsoft account team

Microsoft Team office Center
<hxxp on-microsofts.ddns.net/security/activity>all rights reserved ?? 2020 [hxxp kde.org/open.php?id_campaign=6456&id_list=39&id_user=18828]

[Posted: Mar 16, 2020 8:11 AM]

From: virginia.edu <account-security-noreply[at]accountprotection.microsoft.com>
Sent: Monday, March 16, 2020 7:21 AM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: You failed email deliveries

Dear sam8f

You have three (10) outgoing e-mails pending delivery

Verify your information to deliver your E-mails

Verify Your Email Now< firebasestorage.googleapis.com/v0/b/outlook-ab2b2.appspot.com/o/nz%2Findex.htm?alt=media&token=b3abd5c2-5485-4944-9ed5-7db492fbb07a#mst3k]at]virginia.edu>

 Sincerely,
virginia.edu  Microsoft Account Team ©2020

[Posted: Mar 16, 2020 8:09 AM]

From: Dcn. Lawrence Feldkamp
Sent: Friday, March 13, 2020 10:37 AM
To: Dcn. Lawrence Feldkamp
Subject: New Outlook Web App for Staff/Employee

Welcome to the New Outlook Web App for Staff/Employee,

All Staff/Employee are expected to migrate to the New 2020 Microsoft Outlook Web Portal to enable access Click on Login here < out1.godaddysites.com > and login to migrate immediately and Complete the upgrade:

·    Access the new staff directory

·    Access your pay slips and P60s

·    Update your ID photo

·     E-mail and Calendar Flexibility

·    Connect mobile number to e-mail for voice mail

 

Important notice:  All staffs/Employee are expected to migrate within 24 hours to avoid delay on mail delivery.

 

On behalf of IT Support. This is a group email account and it's been monitored 24/7, therefore, please do not ignore this notification, because it's very compulsory.

Sincerely.
Administrator Service System.

[Posted: Mar 16, 2020 8:04 AM]

From: Eboumbou, Ella <E.Eboumbou[at]bolton.ac.uk>
Sent: Sunday, March 15, 2020 10:14 PM
Subject: Notice! : Email Quota limit
Importance: High

Your Email Quota limit has reached 93% on the email server.
93%
100%

At 100% limit, Certain email features like;

  *   Sending messages
  *   Receiving messages
  *   Forwarding messages
will not be available for your utilization.

visit the outlook storage access<hxxps storageoutlookaccess75534.activehosted.com/f/1> and log in to send a request to your Mailbox Administrator to adjust and maintain your storage Quota.

Eboumbou Ella
IT Help Desk Admin
Office of Information Technology

[Image removed by sender. University of Bolton]<hxxps www.bolton.ac.uk>

This email (and any attachments) is confidential and may contain personal views which are not the views of the University of Bolton unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose information in any way nor act in reliance on it and notify the sender immediately. Please note the University of Bolton monitors emails sent or received. Further communication will signify your consent to this.

[Posted: Mar 13, 2020 3:44 PM]

 

From: Ahmadzadeh, Sahar <S.Ahmadzadeh[at]bolton.ac.uk>
Sent: Friday, March 13, 2020 2:10 PM
Subject: Warning! : Your Security System is Disabled
Importance: High

 

Your Mailbox Security System is outdated and has been automatically disabled. Your Email Account has been classified as an Exposed and Unsafe email account. 

 

The Security System contains your Phishing/spam Filter which is responsible for identifying spam emails, virus-infected and hoax emails. You will not be allowed to send messages to avoid the risk of spreading any virus infected or spam emails.

 

Visit the Outlook Security System page and log in with your email account to automatically updated your security system 2 hours after your login is successfully authenticated.

 

Help Desk Admin
Office of Information Technology Services

[Posted: Mar 13, 2020 3:41 PM]

From: Gusar, Krystyna <K.Gusar[at]liverpool.ac.uk>
Sent: Thursday, March 12, 2020 6:42 PM
To: Helpdesk[at]webmaster.com <Helpdesk[at]webmaster.com>
Subject: Email Security And Spam filter Disabled.

Your Mailbox has been marked as one an unprotected mailbox. The common reason for this is because Your Mailbox Email security and Phish/Spam filter is outdated and has been disabled.

Your Email is Currently  vulnerable to Virus Infection and Hoax emails, It is no longer able to identify Unsolicited Emails, You are required to update and Enable your email security and Filter to make your email invulnerable to viruses and spammers.

Visit The Outlook Storage Access<hxxps://outookstorageaccess.planso.de/pub/forms/5a99158e0c52> page and login to send a request to your email administrator to assist you to update your email security and Phish/Spam filter.

Sincerely,
Gusar Krystyna
2020 Help Desk Team
Information Technology Services

[Posted: Mar 7, 2020 10:43 AM]

Many UVa email addresses have recently received a message purporting to come from a supervisor, dean, department head or Vice President. These are usually one line asking if you are available and frequently have the subject "Urgent Request".

These messages are "spoofed" in that the scammer makes it appear as though they come from inside UVa but if you look at the real From line, it is always an external-to-UVa address.

Furthermore, they always say the sender is in a meeting and cannot be reached by phone. You are asked to buy gift cards, scratch off the codes and then email the sender with the codes.

DO NOT RESPOND TO THESE MESSAGES - if you receive one, immediately forward it to [email protected].

NO ONE AT UVA WILL EVER ASK YOU TO BUY GIFT CARDS IN AN EMAIL MESSAGE.

If you fall for this scam, and purchase gift cards on your personal credit card, contact your credit card company and see if you can dispute the charge.

University Information Security
[email protected]

[Posted: Mar 6, 2020 9:37 AM]

From: John C. Jeffries <gep11[at]cox.net>
Sent: Friday, March 6, 2020 6:11 AM
Subject: [No Subject]

 

 

Do you have a min? I need something done.

[Posted: Mar 2, 2020 9:29 AM]

From: Helpdesk <helpdesk[at]virginia.edu.com>
Date: Monday, March 2, 2020 at 2:27 AM
To: Typical User <mst3k[at]virginia.edu>
Subject: You have 12 pending message(s) in stream virginia.edu

NOTIFICATION

________________________________

Hello rz

You have 12 delayed messages on Friday 28th Of February 2020. Your action is required,

Release Emails Here<2vtjff2>

rectify it above.

MICROSOFT

________________________________

Change how events are added from email  Privacy Statements

Microsoft Corporation. One Microsoft Way, Redmond, WA 98052

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form