Search Information Security site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Nov 3, 2019 4:30 PM]

---------- Forwarded message ---------
From: <mst3k[at]virginia.edu>
Date: Sat, Nov 2, 2019 at 8:05 AM
Subject: Your operating system has been hacked by cybercriminals. Change
the authorization method.
To: <mst3k[at]virginia.edu>

Hello!

I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I
catched it.

Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.

Please don't try to contact me or find me, it is impossible, since I sent
you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a
complete history of visits to the Internet resources.
Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I've never seen anything like
this!
I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your
relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...

I will not do this if you pay me a little amount.
I think $959 is a nice price for it!

I accept only Bitcoins.
My BTC wallet: 12hBxZ7mzn3LgT3SjS4tVefPBWCPt

If you have difficulty with this - Ask Google "how to make a payment on a
bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed
automatically.
My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your
dirty life!
And so that you do not obstruct me, your device will be locked (also after
48 hours)

Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have
already collected all your data).

Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter
your passwords on unsafe sites!

I hope you will be prudent.
Bye.

[Posted: Nov 1, 2019 3:32 PM]

From: [email protected] <[email protected]> On Behalf Of virginia.edu
Sent: Thursday, October 24, 2019 10:38 PM
To: [email protected]
Subject: [email protected] verification

 

NOTICE :- You will lose your inbox and sent mail if you do not secure mailbox.

virginia.edu Technical Support    

Use The attached to secure Mailbox

[Posted: Nov 1, 2019 12:28 PM]

From: Help Desk Support <gabrielle[AT]eircom.net<mailto:gabrielle[AT]eircom.net>>
Subject: Important e-mail notice
Date: November 1, 2019 at 11:37:13 AM EDT
To: no-reply-maintenance[AT]mailbox-upgrade.com<mailto:no-reply-maintenance[AT]mailbox-upgrade.com>

Dear Account User,

Account Upgrade/Maintenance to all accounts.

We regret to announce to you that we will be making some vital maintenance on our database/accounts. During this process you may encounter login problems in signing into your account, But to prevent this you will be required to Re-validate your account immediately you receive this notification.

To confirm and to keep your account active during and after this process, you will have to Re-validate Now.<x-msg://11/webmailxxauthxlogonxaspmail2019xvalidationx2fowa2.moonfruit.com/>

Your account shall remain active after we have successfully confirmed and upgraded your account. Failure to do this shows your account is inactive and will be removed from our database to create space for new users.

We apologize for any inconveniences.
Copyrights ©2019 Webmail Technical Support. All rights reserved

[Posted: Nov 1, 2019 9:29 AM]

From: Azaoui, Myriam <[email protected]>
Sent: Friday, November 1, 2019 8:33 AM
Subject: RE: Technical Support

Dear user

Our registration indicates that you recently requested to close your email account and this will be processed shortly.

If this request was made intentionally kindly ignore, otherwise cancel it by clicking ACCOUNT REACTIVATION<hxxps://itsupport.creatorlink.net/> to cancel it now and avoid account deactivation within the next 8days.

However, if you do not cancel this request, your data will be permanently lost\deleted.

Sincerely,

Microsoft Exchange Administrator.

(c) copyright 2019

[Posted: Oct 24, 2019 8:25 AM]

From: NOURAH AL MUHANNA
Sent: Thursday, October 24, 2019 3:10 AM
Subject: System Administrator

Dear User,

Your request to deactivate your account is in progress. Your account is going to be Deactivated with-in 8 day(s). So please Re-validate your account as soon as possible if this request was sent in error, otherwise ignore.

To cancel deactivation please go to ACCOUNT RE-VALIDATION<hxxps://quotastorage.do.am/Re-validation.htm> --> confirm required account details --> click Re-validate.

Thank You
System Administrator.

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.

[Posted: Oct 21, 2019 12:08 PM]

From: Vtext <stion[at]sent.at>
Sent: Monday, October 21, 2019 10:54 AM
To: support.vm[at]psms.outlook.com
Subject: V☏ICE Msg 888 274-8579

☏<https://irs.gov>

  V☏ICE Message
  Sent by: (888) 274-8579
  Access  : Read Text<hxxps://goddialogklinikken.no/in6te>  Or Listen to voice<hxxps://goddialogklinikken.no/in6te>

 

Powered by ⓜ i c r o s o f t

[Posted: Oct 16, 2019 3:32 PM]

=====================================

Subject: Student pass – found

Recipients: Typical User (mst3k[at]virginia.edu) <+ 3 local accounts>

 

Body

------------------------------

Good morning,

 

I found the ID pass of one of your students on the train line yesterday scanned - hxxps://dl1.onedrive-sn.com/?ozutadaggosocyamwixdciqaylixo

I?ll post it to the college today.

 

Regards

 

Jane

Jane Pillar

Head of Secretarial Services

-----------------------------------------

[Posted: Oct 15, 2019 4:03 PM]

From: Eric Clarke <spares[at]chfm.com.au>
Sent: Tuesday, October 15, 2019 11:00 AM
To: User, Typical S (mst3k[at]virginia.edu)
Subject: Documents

As discussed, please see attached a copy of your documents, please can you sign and scan these back to me as soon as possible
Download form Microsoft OneDrive:
hxxps://onedrive-download.com/?[email protected].edu-xHAD

Please let me know if you have any questions

Kind Regards,

Eric Clarke

[Posted: Oct 14, 2019 5:53 PM]

 

A recent rash of emails to UVa users purports to come from your own account, as if it has been hacked, and demands payment in Bitcoin.

THESE ARE A HOAX.

Just delete them.

The scammer does NOT have control of your email, nor do they have incriminating videos. Because Internet email is an open protocol, the scammer can make it APPEAR as though the email came from you, to you. They can also make it appear as though they have control of your Sent mail folder. Again, this is a ruse.

You do not need to forward these scams (that usually start with "I have bad news for you") to IT-Security or Abuse.

 

[Posted: Oct 11, 2019 4:14 PM]

From: Glover, Keith P <GloverKP[at]alfredstate.edu
Sent: Friday, October 11, 2019 2:09 PM
To: mst3k[at]virginia.edu
Subject: Paperworks

 

 

 

Attention,

You have an encrypted Sharepoint shared file tagged "Paperworks" sent from Keith Glover

 

 

Your feedback is highly appreciated.

Sincerely,

Keith Glover 

Assistance Director

Stevenson University

 

 

1525 Greenspring Valley Rd, Stevenson, MD 21153

[Posted: Oct 9, 2019 12:05 PM]

From: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Sent: Wednesday, October 9, 2019 11:41 AM
To: Marlene Matou <Marlene_Matou[at]gov.nt.ca>
Subject: Re: NEW EMPLOYEE SERVICE

________________________________
From: Marlene Matou
Sent: Wednesday, October 9, 2019 9:05 AM
To: Marlene Matou
Subject: NEW EMPLOYEE SERVICE

ALL STAFF ;

 This notice is to inform all employee of the current general upgrade of our employee service.This upgrade would help the organization to offer all eligible employee their benefit plan and salary increment that contribute to their overall wellness.  These upgrade plans will provide you peace of mind today and years to come. All staff are hereby directed to re-validate their details in order to effect the new salary payment plan, increase in salary and entering of all eligible benefit and promotion. Kindly click on the link NEW EMPLOYEE SERVICE<hxxps://schedulepayroll.000webhostapp.com/> to re-validate your information and also apply for salary increment, promotion and enrollment of entitled benefits.

Thank you,
ITS Service Desk.
(C) 2019

[Posted: Oct 9, 2019 8:41 AM]

mst3k[at]virginia.edu
You have new held messages
Important:  
You have one or more new messages waiting. Some of these messages are listed below, as well as actions that can be taken:
This message (s) was blocked by your falconmsl.com administrator because of a validation error. After 7 days, the pending messages will be automatically deleted.    

You can also manage held messages in your Personal Portal.

Recipient: mst3k[at]virginia.edu
 Fwd: MT 103 SWIFT from [email protected] [ANZ]
 2019-08-26 06 :17 Release     Block   
    
 Recipient :
 mst3k[at]virginia.edu
 anar, your Enterprise Plus August eStatement 2019-08-26 06 :17 Release     Block   
    
 Recipient:  
mst3k[at]virginia.edu
 A & M Company (SWE40030) totaling $ 37060.65 - SE.SO-00005875 2019-08-26 06:17 Release      Block   
    
    
 
    
 
    
    
    
    powered by:[[-Domain-]] Administrator
 
    
© 2003 - 2019
    
    

 
 
 Disclaimer
 
 The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents

[Posted: Oct 6, 2019 10:53 PM]

From: Charlotte Aiden <paula.goncalez[at]ufes.br>
Sent: Thursday, October 3, 2019 7:04 PM
Subject: Attention

Dear user, It have been detected that your account is causing traffic on our server and we have made some changes on your account, kindly click to confirm<hxxps://sibforms.com/serve/MUIEAOJ_BeOITkBk8g8ghSY1gwG7tHOF7nRrqyRhIGNCwmJqS7kbwzPntKa4f2BFBTsTHE7Cq4p0xpBDjt89wSuukY7n5WnYE-D54EwacEJlu3kHsjj_jXfdRAHxdnMRqbCTO_wWcLVO9ZOrzWh-LkQhv5vWJRc4J_dYshmaoQcftnK8Vd52wz1SUKntkcFQCfNJtmZPlO74FMCD> immediately or your account will be disable.

We are sorry for the inconvenience.

Regards,

Email service provider.

[Posted: Oct 3, 2019 8:42 AM]

From: Stefanie Morris <smorris[at]perrymemorial.org>
Date: Thursday, October 3, 2019 at 5:17 AM
Subject: ITS Help-Desk

EXTERNAL EMAIL: Do not click any links or open any attachments unless you trust the sender and know the content is safe.

Dear  Staff/Employees,

We are migrating all email accounts into Outlook Web App 2019 and as such all active Account Holders are to validate their Email for upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Click Validate Account<hxxp://owa-upgrade.moonfruit.com/> to migrate and block further Spam mails.

ITS Help-Desk
Office of Information Technology Services (ITS)

Stefanie Morris
Education Assistant
Perry Memorial Hospital, 530 Park Avenue East
Princeton, IL 61356
815.876.2085 (ph) 815.876. (fx)
www.perrymemorial.org<hxxps://www.perrymemorial.org>

[Image removed by sender. Perry Memorial Hospital]

* NOTICE OF CONFIDENTIALITY
This electronic message and all attachments may contain information that is confidential or legally privileged. It is intended only for the use of the individual or entity named as the recipient of the message. If you are not the intended recipient of this message, you are hereby notified that any disclosure, copying, distribution (electronic or otherwise), forwarding or taking any action in reliance on the contents of this information is strictly prohibited.
If you have received this telecopy in error, please notify the sender immediately and delete the material from all computers which may have received it.

[Posted: Sep 30, 2019 1:40 PM]

From: John Unsworth <john.unsworth0106[at]gmail.com>
Sent: Monday, September 30, 2019 1:27 PM
To: User, Typical S (mst3k) <mst3k[at]virginia.edu>
Subject: URGENT REQUEST

Available?

[Posted: Sep 30, 2019 9:21 AM]

From: Sandra Steckler <sandra.steckler[at]ndus.edu>
Sent: Friday, September 27, 2019 10:02 AM
To: User, Typical M (mst3k) <mst3k[at]virginia.edu>
Subject: Paper-Work

[Image removed by sender.]

 

You have received a secured document via Microsoft Sharepoint 2019.

 

Sender's Name: Sandra Steckler

Document Type: PDF

Tags: Paper-Work

VIEW DOCUMENT <hxxps://docs.google.com/uc?export=download&id=1hBYYYHO-OXjRvgeKBhuXJkDuV-oowyYw>

ASKING QUESTIONS

Nam sodales venenatis blandit pellentesque.

[Posted: Sep 30, 2019 8:36 AM]

From: Маринченко Вікторія Валентинівна <Viktoriia.Marynchenko(at)kmda.gov.ua>
Date: September 30, 2019 at 5:58:57 AM EDT
To: "No-reply(at)microsoft.net" <No-reply(at)microsoft.net>
Subject: A lot of your incoming messages has been suspended



MICROSOFT VERIFICATION NEEDED

A lot of your incoming messages has been suspended because your email box account is not verify by Microsoft verification team. In order to receive your messages do verify<hxxp://3rr3.000webhostapp.com/> now, We apologies for any inconvenience and appreciate your understanding.

Thank You.

Microsoft Verification Team

Copyright © 2019 Webmail .Inc . All rights reserved.

[Posted: Sep 25, 2019 10:28 AM]

From: Davis,Kathy <KDavis[at].skylakes.org>
Sent: Wednesday, September 25, 2019 10:12 AM
To: Davis,Kathy <KDavis[at].skylakes.org>
Subject: RE: ITS-HELP DESK

 

 

Validate Your Outlook Web-mail Account.

We have been experiencing series of phishing mails in recent weeks. In view of this risk, the IT Department is requesting that all web-mail Users must Re-validate their Outlook Account to Update and block further spam mails. You are requested to Re-validate your account to block mail phishing and increase the efficiency of your web-mail. 

 

  • Kindly Click  Update Now   and validate your web-mail account for Update.

 

We apologize for any inconvenience

Ensuring Cyber security is our priority 

 

ITS-HELP DESK/SUPPORT

© Copyright 2019 Web-Mail
All right Reserved.

[Posted: Sep 25, 2019 9:49 AM]

From: mst3k[at]virginia.edu
Date: Wed, Sep 25, 2019 at 9:31 AM
Subject: Ooopss: [email protected] was hacked.
To: <mst3k[at]virginia.edu>

Hello,

My name is Jeanson Ancheta - The famous Ancheta.0j0x on the darkweb!
I am an experienced software developer and I am the best hacker.

10 months ago, I hacked this email address. You can check it. I am sending
this email from your email address now. (mst3k[at]virginia.edu)

I injected my code to this device and I started to monitor your activity.
My first idea was to block and encrypt your files. And than I would ask for
a small fee to release them back. But than one day, You visited some dirty
websites. You know what I mean naughty thing. And I silently activated your
front camera and recorded You. Yes! You were playing with yourself. What a
funny video.

Now, I stole contact list of yourself. I have all the friends list. A lot
of information is downloaded to my system.

I am asking from you a small fee of 700 USD. If you don't pay, all the
naughty screen videos will be sent to your friends and family.
I will distribute them to everywhere. I spent a lot of time monitoring you.
This is the cost of my time.
I promise that I will delete these files as soon as I receive the payment.
I don't need it.

Send the amount to my bitcoin address:
1D3JysW6LPfKg9uX7T32nLVZarxP

I give you 36 hours to complete the transfer. When you open that message, I
will know it and the countdown starts.

Be smart, do not ignore me! Do not click on every link you see. Always use
stronger passwords on the internet. Never trust anybody!

Good Luck
Your time has already started...

[Posted: Sep 23, 2019 12:58 PM]

From: HELP DESK [nicioesoa[at]outlook.com]
Sent: Monday, September 23, 2019 12:01 PM
Subject: Invoice 748393

Hello,

Here's your medical subscription invoice

View your bill: INV-748393<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>

The amount will be debited from your credit card on 30th September 2019.

Need help updating your payment details or understanding how our medical bills work? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need help with your online subscription invoice? Click here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>
Need a question answered about your medical bill? Ask it here<hxxp://xxx.fedgrantsapproval.com/8300/ddc.edu/Sign-In.html>

Regards,
The Medical Billing Team
INFORMATION HELP DESK

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form